256 matches found
Rocky Linux 8 : thunderbird (RLSA-2022:0129)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0129 advisory. - It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefox...
Altair Input Validation Error Vulnerability
Altair is a beautiful and feature-rich GraphQL client IDE for Altair GraphQL open source. An input validation error vulnerability exists in versions prior to Altair 5.2.5, which stems from an application that does not clean up an external URL before passing it to the underlying system...
PT-2023-30598 · Qualys · Qualys Container Scanning Connector Plugin
Name of the Vulnerable Software and Affected Versions: Qualys Container Scanning Connector Plugin versions 1.6.2.6 and earlier Description: An incorrect permission check in the Qualys Container Scanning Connector Plugin allows attackers with global Item/Configure permission, but lacking...
Mozilla: Full screen notification obscured by external program
The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks...
DEBIAN-CVE-2023-4053
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 116, Firefox ESR 115.2, and Thunderbird 115.2...
Mozilla: Fullscreen notification obscured
The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks...
Mozilla: Fullscreen notification obscured
The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks...
Short URL < 1.6.5 - Admin+ Cross Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. In the plugin settings, add the POC alert1 to the...
SUSE CVE-2023-37207
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...
DEBIAN-CVE-2023-37207
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...
UBUNTU-CVE-2023-37207
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox that originates from a website that may obscure full-screen notifications by using URLs that have a scheme handled by an external program, such as a mailto URL. This could...
SUSE CVE-2019-7616
Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery SSRF flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an...
SUSE CVE-2022-22739
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
CVE-2022-22748
Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
DEBIAN-CVE-2022-22739
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
CVE-2022-22739
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
CVE-2022-22748
Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
CVE-2022-22748
Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
CVE-2022-22739
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...