326 matches found
RHEL 9 : firefox (RHSA-2024:1485)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1485 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Privilege Escalation
Firefox is vulnerable to a Privilege Escalation. The vulnerability is due to the unauthorized injection of an event handler into a privileged object, leading to arbitrary JavaScript execution in the parent process...
CVE-2024-29944
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...
DEBIAN-CVE-2024-29944
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...
CVE-2024-29944
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...
CVE-2024-29944
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...
CVE-2024-29944
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...
CVE-2024-29944
The CVE-2024-29944 issue affects Mozilla Firefox on desktop (not mobile), allowing an attacker to inject an event handler into a privileged object to achieve arbitrary JavaScript execution in the parent process. Affects Firefox versions older than 124.0.1 and Firefox ESR older than 115.9.1; multi...
UBUNTU-CVE-2024-29944
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...
Medium: kernel
Issue Overview: An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in dodivsz,mtd-erasesize, used indirectly by ctrlcdevioctl, when mtd-erasesize is 0. CVE-2023-31085 A flaw in the kernel Xen event handler can cause a deadlock with Xen conso...
Medium: kernel
Issue Overview: A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen guests. CVE-2023-34324 A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before callin...
Rxss in msg parameter
Affected url Affected parameter : msg It appear that html tags are rendered in the page via msg parameter. So I tried tag and it work, so i tried adding event handlers in this case onpageshow=alertdocument.domainand it trigred xss. POC :...
SUSE CVE-2011-4578
event.c in acpid aka acpid2 before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to 1 perform write operations within directories created by a script, or 2 read files created by a script, via standard filesystem system...
SUSE CVE-2013-5601
Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute...
SUSE CVE-2019-9820
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
SUSE CVE-2022-22759
If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...
GSD-2023-1000011 rtc: cmos: Fix event handler registration ordering issue
rtc: cmos: Fix event handler registration ordering issue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.14 by commit...
PT-2023-33088 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.14 Description: The issue concerns an event handler registration ordering problem in the Linux Kernel's rtc: cmos component. The actual impact and potential for attack have not been proven yet...
CVE-2022-22759
If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...
CVE-2022-22759
If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...