38 matches found
CVE-2022-40959
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...
CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
Design/Logic Flaw
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
CVE-2022-40959
The CVE-2022-40959 entry corresponds to a Mozilla vulnerability where during iframe navigation, FeaturePolicy was not fully initialized, allowing a bypass that leaked device permissions to untrusted subdocuments. Affected products include Firefox ESR before 102.3, Thunderbird before 102.3, and Fi...
ROS-20221007-05
Firefox browser vulnerability is related to a bounds error in HTML content processing. Exploitation The vulnerability could allow a remote attacker to create a customized website, trick the victim into opening it, cause memory corruption, and execute arbitrary code on the target system. the victi...
GLSA-202209-27 : Mozilla Firefox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202209-27 Mozilla Firefox: Multiple Vulnerabilities - When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. CVE-2022-40956 - Inconsistent data i...
Authentication Bypass
firefox is vulnerable to authentication bypass. The vulnerability exists because certain pages do not have their FeaturePolicy fully initialized which allows an attacker to bypass the leaked device permissions into untrusted sub documents...
SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:3441-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3441-1 advisory. - When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's bas...
Oracle Linux 8 : thunderbird (ELSA-2022-6708)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-6708 advisory. 102.3.0-3.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.3.0-3 - Update to 102.3.0 build1 Tenable has...
Debian dla-3123 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3123 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3123-1 [email protected]...
Oracle Linux 8 : firefox (ELSA-2022-6702)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-6702 advisory. 102.3.0-6.0.1 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 102.3.0-6 - Update to 102.3...
Debian DSA-5238-1 : thunderbird - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5238 advisory. - When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. CVE-2022-40956 -...
CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
SUSE-SU-2022:3440-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr bsc1203477: - CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages. - CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads. -...
Mozilla: Bypassing FeaturePolicy restrictions on transient pages
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...
Mozilla: Bypassing FeaturePolicy restrictions on transient pages
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...
Mozilla: Bypassing FeaturePolicy restrictions on transient pages
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...
Mozilla: Bypassing FeaturePolicy restrictions on transient pages
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...