11 matches found
NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0025)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free conditio...
Oracle Linux 6 : thunderbird (ELSA-2020-5238)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-5238 advisory. 78.5.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.5.0-1 - Update to 78.5.0 build3 Tenable has...
CVE-2020-26951
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability...
Design/Logic Flaw
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability...
CVE-2020-26951
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability...
CVE-2020-26951
A parsing and event loading mismatch in Firefox’s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability...
Vulnerability of syntactic analysis and event loading in SVG code of Firefox web browser and Thunderbird email client, allowing attackers to perform cross-site scripting attacks (XSS).
The vulnerability of syntax analysis and event loading in SVG code of Firefox web browsers and Thunderbird email clients is related to the lack of integrity checks. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability...
Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability...
CVE-2020-26951
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability...
Mozilla Firefox 跨站脚本漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. FireFox suffers from a cross-site scripting vulnerability that stems from a mismatch between parsing and event loading in SVG code that could result in a load event being triggered, even after being...