222 matches found
Mozilla: XLL file extensions were downloadable without warnings
The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...
Authorization
Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication...
SAMSUNG Internet Security Breach
SAMSUNG Internet is a cell phone application from Samsung South Korea. It provides a browser function. A security vulnerability exists in SAMSUNG Internet version 22.0.0.35, which stems from an improper authorization vulnerability that allows a physical attacker to access downloaded files in a...
The vulnerability of Mozilla Firefox’s full-screen notifications allows attackers to perform spoofing attacks.
The vulnerability of Mozilla Firefox’s full-screen notifications is related to the absence of warnings about dangerous actions when loading pop-up windows for downloaded files. Exploiting this vulnerability can allow a remote attacker to carry out spoofing attacks...
CVE-2022-28864
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...
DEBIAN-CVE-2023-25729
Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such as downloading files or interacting with software already...
CVE-2023-27943
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine flag applied...
Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...
Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...
Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...
The vulnerability in the full-screen notification mode of the Mozilla Firefox browser on Android operating systems allows a hacker to perform spoofing attacks.
The vulnerability in the full-screen notification mode of the Mozilla Firefox browser on Android operating systems relates to the absence of warnings about dangerous actions when loading pop-up windows for downloaded files. Exploiting this vulnerability allows a remote attacker to carry out...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files...
Apple iOS 和 iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS and iPadOS, which arises from the possibility that files download...
The vulnerability in the implementation of Google Chrome’s browser extension programming interface allows a perpetrator to circumvent security restrictions.
The vulnerability of Google Chrome’s application programming interface extensions is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions by downloading specially created extensions...
Mozilla: Extensions could have opened external schemes without user knowledge
The Mozilla Foundation Security Advisory describes this flaw as: Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such...
Mozilla: Extensions could have opened external schemes without user knowledge
The Mozilla Foundation Security Advisory describes this flaw as: Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such...
SUSE CVE-2005-3895
Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary w...
SUSE CVE-2014-1480
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site...
SUSE CVE-2019-5774
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file...
SUSE CVE-2021-38510
The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.. This vulnerability affects Firefox 94, Thunderbird...