Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy

The Mozilla Foundation Security Advisory describes this flaw as: When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec...

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy

The Mozilla Foundation Security Advisory describes this flaw as: When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec...

Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy

The Mozilla Foundation Security Advisory describes this flaw as: When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec...

Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy

The Mozilla Foundation Security Advisory describes this flaw as: When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec...

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy

The Mozilla Foundation Security Advisory describes this flaw as: When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec...

Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy

The Mozilla Foundation Security Advisory describes this flaw as: When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec...

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy

The Mozilla Foundation Security Advisory describes this flaw as: When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec...

Gitea Git Fetch Remote Code Execution

This module exploits Git fetch command in Gitea repository migration process that leads to a remote command execution on the system. This vulnerability affect Gitea before 1.16.7 version. Module Options msf use exploit/multi/http/giteagitfetchrce msf exploitgiteagitfetchrce show targets...

node-fetch: exposure of sensitive information to an unauthorized actor

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...

Gitea Git Fetch Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea repository migration process that lead...

UBUNTU-CVE-2022-45410

When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR...

CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...

tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c

A flaw was found in LibTIFF where a NULL source pointer passed as an argument to the memcpy function within the TIFFFetchNormalTag in tifdirread.c. This flaw allows an attacker with a crafted TIFF file to cause a crash that leads to a denial of service...

OESA-2022-2067 libtiff security update

This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...

Security Bulletin: IBM QRadar Assistant app for IBM QRadar SIEM includes components with multiple known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2021-42581 DESCRIPTION: Ramda could allow a remote attacker t...

CVE-2022-43278

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /phpaction/fetchSelectedCategories.php...