
135 matches found

SUSE CVE
added 2023/06/03 2:13 a.m. | 2 views

SUSE CVE-2023-23604

A duplicate SystemPrincipal object could be created when parsing a non-system HTML document via DOMParser::ParseFromSafeString. This could have led to bypassing web security checks. This vulnerability affects Firefox 109...

6.5 CVSS | 6.9 AI score | 0.00463 EPSS
Exploits 0 | References 4
Prion
added 2023/06/02 5:15 p.m. | 19 views

Security feature bypass

A duplicate SystemPrincipal object could be created when parsing a non-system HTML document via DOMParser::ParseFromSafeString. This could have led to bypassing web security checks. This vulnerability affects Firefox 109...

4.3 CVSS | 6.5 AI score | 0.00463 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2023/06/02 12:0 a.m. | 30 views

CVE-2023-23604 Creation of duplicate SystemPrincipal from less secure contexts

A duplicate SystemPrincipal object could be created when parsing a non-system HTML document via DOMParser::ParseFromSafeString. This could have led to bypassing web security checks. This vulnerability affects Firefox 109...

6.9 AI score | 0.00463 EPSS
Exploits 0 | References 2
CVE
added 2023/06/02 12:0 a.m. | 122 views

CVE-2023-23604

A vulnerability (CVE-2023-23604) affects Mozilla Firefox older than 109. A duplicate SystemPrincipal object could be created when parsing a non-system HTML document via DOMParser::ParseFromSafeString, potentially bypassing web security checks. The issue is documented across multiple sources (nota...

6.5 CVSS | 6.6 AI score | 0.00463 EPSS
Exploits 0 | References 2 | Affected Software 1
SUSE CVE
added 2023/02/15 4:48 a.m. | 4 views

SUSE CVE-2017-7038

A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component...

4.2 CVSS | 5.4 AI score | 0.02913 EPSS
Exploits 0 | References 5
SUSE CVE
added 2023/02/15 3:45 a.m. | 2 views

SUSE CVE-2021-23974

The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...

6.1 CVSS | 8.3 AI score | 0.00753 EPSS
Exploits 0 | References 4
Veracode
added 2023/01/24 8:59 p.m. | 23 views

Remote Code Execution (RCE)

Firefox is vulnerable to Remote Code Execution (RCE). A duplicate SystemPrincipal object could be created when parsing a non-system HTML document via DOMParser::ParseFromSafeString leading to web security bypass, which allows an attacker to upload and execute malicious code on the system under attac...

6.5 CVSS | 5.8 AI score | 0.00463 EPSS
Exploits 0 | References 3 | Affected Software 3
OSV
added 2023/01/23 6:29 a.m. | 9 views

USN-5816-1 firefox vulnerabilities

Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploit this to obtain sensitive information. CVE-2023-23597 Tom...

8.8 CVSS | 7.1 AI score | 0.00702 EPSS
Exploits 0 | References 10
Ubuntu
added 2023/01/23 6:29 a.m. | 89 views

USN-5816-1: Firefox vulnerabilities

Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploit this to obtain sensitive information. CVE-2023-23597 Tom...

8.8 CVSS | 8.2 AI score | 0.00702 EPSS
Exploits 0
UbuntuCve
added 2023/01/18 12:0 a.m. | 29 views

CVE-2023-23604

A duplicate SystemPrincipal object could be created when parsing a non-system HTML document via DOMParser::ParseFromSafeString. This could have led to bypassing web security checks. This vulnerability affects Firefox 109...

6.5 CVSS | 6.8 AI score | 0.00463 EPSS
Exploits 0 | References 3
OSV
added 2023/01/18 12:0 a.m. | 0 views

UBUNTU-CVE-2023-23604

A duplicate SystemPrincipal object could be created when parsing a non-system HTML document via DOMParser::ParseFromSafeString. This could have led to bypassing web security checks. This vulnerability affects Firefox 109...

6.5 CVSS | 7.2 AI score | 0.00463 EPSS
Exploits 0 | References 4
Packet Storm
added 2022/11/16 12:0 a.m. | 189 views

Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass

Exploit Title: Revenue Collection System v1.0 - Authentication Bypass via Stored XSS Exploit Author: Joe Pollock Date: November 16, 2022 Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link:...

0.2 AI score
Exploits 0
0day.today
added 2022/11/16 12:0 a.m. | 201 views

Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass Exploit

Exploit Title: Revenue Collection System v1.0 - Authentication Bypass via Stored XSS Exploit Author: Joe Pollock Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/rates.zip Tested on: Ka...

0.3 AI score
Exploits 0
Veracode
added 2022/11/03 5:26 a.m. | 19 views

Improper Input Validation

xmldom is vulnerable to improper input validation. The vulnerability exists in dom.js because the DOMParser and XMLSerializer modules are not properly validated which allows an attacker to access the system and perform unauthorized actions...

9.8 CVSS | 8.7 AI score | 0.01182 EPSS
Exploits 1 | References 6 | Affected Software 3
UbuntuCve
added 2022/11/02 5:15 p.m. | 35 views

CVE-2022-39353

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...

9.8 CVSS | 7.2 AI score | 0.01182 EPSS
Exploits 1 | References 4
Prion
added 2022/11/02 5:15 p.m. | 27 views

Design/Logic Flaw

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...

7.5 CVSS | 8.8 AI score | 0.03025 EPSS
Exploits 2 | References 3 | Affected Software 2
CVE
added 2022/11/02 12:0 a.m. | 187 views

CVE-2022-39353

CVE-2022-39353 — The xmldom library’s DOMParser can parse XML with multiple top-level elements, adding multiple root nodes to Document.childNodes without error. This violates the single-root assumption and is the underlying issue that prompted CVE-2022-39299. Affected: xmldom (JavaScript XML DOM ...

9.8 CVSS | 8.5 AI score | 0.01182 EPSS
Exploits 1 | References 3 | Affected Software 1
Debian CVE
added 2022/11/02 12:0 a.m. | 39 views

CVE-2022-39353

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...

9.8 CVSS | 9.7 AI score | 0.01182 EPSS
Exploits 1
OSV
added 2022/11/02 12:0 a.m. | 36 views

CVE-2022-39353 xmldom allows multiple root nodes in a DOM

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...

9.4 CVSS | 8.8 AI score | 0.01182 EPSS
Exploits 1 | References 5
OpenVAS
added 2021/11/11 12:0 a.m. | 24 views

Mozilla Firefox Security Advisory (MFSA2012-68) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

4.3 CVSS | 9.5 AI score | 0.01869 EPSS
Exploits 0 | References 3