PT-2024-5216 · Google +4 · Google Chrome +4

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 122.0.6261.57 Description: The issue is related to a use after free in DevTools, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could enable the attacke...

KLA63960 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in .NET can be exploited remotely to cause deni...

Mageia: Security Advisory (MGASA-2024-0023)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla: Privilege escalation through devtools

The Mozilla Foundation Security Advisory describes this flaw as: A malicious devtools extension could have been used to escalate privileges...

DEBIAN-CVE-2024-0810

Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a denial of service vulnerability caused by an error when using certain WASM files in devtools. An attacker can exploit the vulnerability to cause the browser to crash...

KLA62822 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A security feature bypass vulnerability in NET, .NET...

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass a security measure, gain bypass, gain elevated privileges and thus potentially execute arbitrary code with SYSTEM privileges. Obtaining...

KLA62432 SUI vulnerability in Microsoft Developer Tools

A spoofing vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2023-21751 Related products Microsoft-Azure CVE list CVE-2023-21751 high KB list Solution Install necessary updates from the KB section,...

KLA62069 OSI vulnerability in Microsoft Developer Tools

An information disclosure vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2023-36013 Related products PowerShell CVE list CVE-2023-36013 high KB list Solution Install necessary updates fr...

KLA61979 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege...

HCL Technologies Compass Access Control Error Vulnerability

HCL Technologies Compass is a low-code change management software from HCL Technologies, USA. Manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from an Access Control Error vulnerability that stems from the application not disablin...

HCL Technologies Compass Weak Password Vulnerability

HCL Technologies Compass is a low-code change management software from HCL Technologies, USA. Manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from a weak password vulnerability that stems from susceptibility to insecure password...

React Developer Tools extension Improper Authorization vulnerability

The React Developer Tools extension registers a message listener with window.addEventListener'message', in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

GHSA-RXRC-RGV4-JPVX React Developer Tools extension Improper Authorization vulnerability

The React Developer Tools extension registers a message listener with window.addEventListener'message', in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

CVE-2023-5654

The React Developer Tools extension registers a message listener with window.addEventListener'message', in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

Input validation

The React Developer Tools extension registers a message listener with window.addEventListener'message', in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

CVE-2023-5654

The CVE-2023-5654 issue affects the React Developer Tools extension and is caused by a content-script listener registered with window.addEventListener('message', …) that fetches a URL derived from a received message without validating/sanitising it. This allows a malicious page to trigger the vic...

CVE-2023-5654

The React Developer Tools extension registers a message listener with window.addEventListener'message', in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

React Developer Tools Security Vulnerability

Facebook React Developer Tools is a JavaScript library for building user interfaces from Facebook Inc. A security vulnerability exists in React Developer Tools version v4.27.8, which stems from an extension that registers a message listener in content scripts, where code within the listener does...