1945 matches found
Mozilla: Malicious command could be hidden in devtools output
The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...
Mozilla: Malicious command could be hidden in devtools output
The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...
Mozilla: Malicious command could be hidden in devtools output
The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...
Mozilla: Malicious command could be hidden in devtools output
The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...
KLA20174 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Security bypass vulnerability in libusrsctp can be exploited...
Mozilla Firefox ESR Security Advisories (MFSA2022-54, MFSA2023-02) - Mac OS X
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
KLA20169 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in Fullscreen notification can be...
Mozilla Firefox Security Feature Issue Vulnerability (CNVD-2023-05206)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a security feature issue that stems from a lack of security checks in the sourceMapURL feature of devtools. A remote attacker could use the vulnerability to trick a victim into performing...
CVE-2022-28283
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox 99...
CVE-2022-22744
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability...
Design/Logic Flaw
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox 99...
Command injection
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability...
CVE-2022-22744
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability...
CVE-2022-28283
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox 99...
CVE-2022-22744
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability...
CVE-2022-28283
Summary (CVE-2022-28283) : The Firefox devtools sourceMapURL feature lacked security checks, potentially allowing a webpage to access local files or otherwise inaccessible resources. Affected: Firefox versions earlier than 99. Impact as described: confidentiality impact (local file access) with n...
Insufficient Policy Enforcement
chromium is vulnerable to insufficient policy enforcement.The vulnerability exists due to Insufficient policy enforcement in devtools, which allows a remote attacker to bypass navigation restrictions via a crafted HTML page...
Chromium: CVE-2022-4187 Insufficient policy enforcement in DevTools
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2022-4189 Insufficient policy enforcement in DevTools
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Edge (Chromium) < 108.0.1462.41 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.41. It is, therefore, affected by multiple vulnerabilities as referenced in the December 5, 2022 advisory. - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to...