Lucene search
K

95 matches found

redhat
redhat
added 2017/08/24 6:45 a.m.6 views

Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...

5.3CVSS7.4AI score0.01837EPSS
Exploits1References5
nessus
nessus
added 2017/08/14 12:0 a.m.33 views

openSUSE Security Update : MozillaFirefox (openSUSE-2017-921)

This update to Mozilla Firefox 52.3esr fixes a number of security issues. The following vulnerabilities were advised upstream under MFSA 2017-19 boo1052829 : - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection -...

10CVSS7.4AI score0.04187EPSS
Exploits12References17
redhat
redhat
added 2017/08/10 11:20 p.m.8 views

Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...

5.3CVSS7.4AI score0.01837EPSS
Exploits1References5
osv
osv
added 2017/08/10 12:0 a.m.3 views

UBUNTU-CVE-2017-7791

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...

5.3CVSS6.8AI score0.01837EPSS
Exploits1References4
redhatcve
redhatcve
added 2017/08/09 1:48 a.m.28 views

CVE-2017-7791

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...

5.3CVSS3.3AI score0.01837EPSS
Exploits1References2
mozilla
mozilla
added 2017/08/08 12:0 a.m.521 views

Security vulnerabilities fixed in Firefox ESR 52.3 — Mozilla

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. A use-after-free vulnerability can occur in...

9.8CVSS9.7AI score0.04187EPSS
Exploits7References17Affected Software1
ptsecurity
ptsecurity
added 2017/08/05 12:0 a.m.6 views

PT-2017-19223 · Sma Solar Technology · Sunny Tripower +3

Name of the Vulnerable Software and Affected Versions: SMA Solar Technology products affected versions not specified Sunny Boy versions TLST-21 and TL-21 Sunny Tripower versions TL-10 and TL-30 Description: The SMAdata2+ communication protocol in SMA Solar Technology products does not properly us...

8.1CVSS7.1AI score0.00689EPSS
Exploits0References5
osv
osv
added 2017/07/18 9:29 p.m.1 views

DEBIAN-CVE-2017-11406

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values...

7.5CVSS7.8AI score0.03024EPSS
Exploits0References1
redhat
redhat
added 2017/01/25 9:31 a.m.3 views

Mozilla: WebExtensions can use data: protocol to affect other extensions (MFSA 2017-02)

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR 45.7 and Firefox 51...

7.5CVSS7.3AI score0.02269EPSS
Exploits1References5
redhatcve
redhatcve
added 2017/01/25 7:17 a.m.25 views

CVE-2017-5386

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR 45.7 and Firefox 51...

7.5CVSS2.9AI score0.02269EPSS
Exploits1References2
osv
osv
added 2017/01/25 12:0 a.m.2 views

UBUNTU-CVE-2017-5386

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR 45.7 and Firefox 51...

7.3CVSS7.1AI score0.02269EPSS
Exploits1References4
ubuntucve
ubuntucve
added 2017/01/25 12:0 a.m.25 views

CVE-2017-5386

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR 45.7 and Firefox 51...

7.5CVSS7.1AI score0.02269EPSS
Exploits1References3
mozilla
mozilla
added 2017/01/24 12:0 a.m.68 views

Security vulnerabilities fixed in Firefox 51 — Mozilla

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. Use-after-free while manipulating XSL in XSLT documents A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potential...

9.8CVSS9.7AI score0.33199EPSS
Exploits16References27Affected Software1
hackerone
hackerone
added 2016/02/11 10:34 a.m.34 views

New Relic: [login.newrelic.com] XSS via return_to

The returnto parameter is not validated properly, which allows an attacker to execute javascript via the data: protocol: https://login.newrelic.com/login?returnto=data:text/html%3Bbase64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg%3D%3D Despite being executed not in the newrelic domain, the script still c...

1AI score
Exploits0
nessus
nessus
added 2015/12/07 12:0 a.m.18 views

Mozilla Firefox for Android < 41.0 Unknown Protocol Pasted URL Handling Spoofing

Binary data 9017.prm...

4.3CVSS9.7AI score0.01842EPSS
Exploits0References3
intothesymmetry
intothesymmetry
added 2015/08/17 9:21 a.m.210 views

Apple Safari SOP bypass (CVE-2015-3753)

Damien Antipa and me love browser security. Hence we always keep up to date on what is going on this field. Few months ago Christian Schneider blogged about Chrome SOP Bypass with SVG. We decided to poke some other browser using the same technique and the outcome was CVE-2015-3753. The SOP-bypass...

5CVSS0.6AI score0.02655EPSS
Exploits0
threatpost
threatpost
added 2015/03/09 10:9 a.m.21 views

TextSecure to Drop Support for Encrypted SMS

Open Whisper Systems is phasing out support for encrypted SMS and MMS messages in its TextSecure messaging product. The move does not spell the end for encrypted messaging for users of the Android app, as the company plans to switch to its own transport protocol to address some of the security an...

0.4AI score
Exploits0References5
securityvulns
securityvulns
added 2013/01/10 12:0 a.m.158 views

Microsoft Windows multiple security vulnerabilities

Print spooler service code execution, XML library integer overflow and memory corruption, multiple .Net vulnerabilities, Win32K privilege escalation SSL/TLS library protection bypass, Open Data Protocol DoS...

10CVSS3.9AI score0.32096EPSS
Exploits19Affected Software1
prion
prion
added 2013/01/09 6:9 p.m.25 views

Denial of service

The WCF Replace function in the Open Data aka OData protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service resource consumption and daemon restart via craft...

7.8CVSS6.9AI score0.32096EPSS
Exploits0References3Affected Software1
openvas
openvas
added 2013/01/09 12:0 a.m.35 views

Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)

This host is missing an important security update according to Microsoft Bulletin MS13-004. OpenVAS Vulnerability Test $Id: secpodms13-007.nasl 5365 2017-02-20 13:46:09Z cfi $ Microsoft .NET Framework Open Data Protocol DOS Vulnerability 2769327 Authors: Antu Sanadi Copyright: Copyright c 2013...

7.8CVSS0.32096EPSS
Exploits0References6
Rows per page
Query Builder