4 matches found
CVE-2023-52081
ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypa...
CVE-2023-52081
ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypa...
CVE-2023-52081
ffcss (the Firefox CSS themes CLI) before version 0.2.0 contains a vulnerability in lookupPreprocess() where late Unicode normalization (NFKD) can bypass the intended regex filter and reintroduce characters like _ and ., allowing relaxed theme searches. The security impact is described as low and...
CVE-2023-52081 ewen-lbh/ffcss late-Unicode normalization vulnerability
ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypa...