Astra Linux - уязвимость в firefox, thunderbird

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized, resulting in a bypass that allowed device permissions to be leaked into untrusted sub-documents. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

MiracleLinux 7 : firefox-102.3.0-6.0.1.el7.AXS7 (AXSA:2022-3888:23)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3888:23 advisory. Mozilla: Bypassing FeaturePolicy restrictions on transient pages CVE-2022-40959 Mozilla: Data-race when parsing non-UTF-8 URLs in threads...

SUSE CVE-2022-40959

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

DEBIAN-CVE-2022-40959

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

The vulnerability in the implementation of the FeaturePolicy mechanism in browsers such as Firefox, Firefox ESR, and the email client Thunderbird allows a violator to circumvent security restrictions.

The vulnerability in the implementation of the FeaturePolicy mechanism in Firefox browsers, Firefox ESR, and the Thunderbird email client is related to an incorrect limitation on the number of user interface layers or frames that can be displayed. Exploiting this vulnerability could allow a...

SUSE-SU-2022:3441-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr bsc1203477: - CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages. - CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads. -...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

RLSA-2022:6708 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Security Fixes: Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag CVE-2022-3033 Mozilla: Bypassing FeaturePolicy...

RHEL 8 : thunderbird (RHSA-2022:6708)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6708 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Security Fixes: Mozilla:...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 105, which stems from a FeaturePolicy not being fully initialized on certain pages during iframe navigation, which could lead to a...

Feature and Permission Policies. Security issues

Introduction In order to help enhance the user experience of their site, companies may ask to use features of your browser, such as geolocation or notifications to produce a more tailored experience. Web site developers may configure the site or allow third-party content, loaded in frames, to use...

arkadiyt-projects: Feature-Policy Header is Missing and Pastebin files

hey your website is very secure but i get only missing Feature-Policy Header if you add this webiste become more secure and i found two pastebin filesusing Google Dork : url : site:pastebin.com https://arkadiyt.com/ 1 https://pastebin.com/feaw9Ti8 2 https://pastebin.com/E0tLN2uJ Impact...