Lucene search
K

12 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Firefox

Under unusual circumstances, an individual thread may survive the termination of its manager during shutdown. This could lead to a use-after-free condition, resulting in a potentially exploitable crash. This vulnerability affects Firefox versions earlier than 98...

6.5CVSS7AI score0.00554EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Firefox

By using XSL Transforms, a malicious webserver could serve a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox versions earlier than 97...

8.8CVSS7.3AI score0.00586EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.3 views

SUSE CVE-2021-29975

Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain with the new domain correctly shown in the address bar resulting in possible user confusion. This vulnerability affects Firefox ...

6.5CVSS8.3AI score0.00965EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.3 views

SUSE CVE-2022-28284

SVG's use element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with...

6.5CVSS8.6AI score0.00548EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/12/09 12:43 p.m.4 views

Mozilla: Denial of Service when using the Location API in a loop

Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.5CVSS7.3AI score0.01597EPSS
Exploits0References4
OSV
OSV
added 2021/12/08 10:15 p.m.1 views

DEBIAN-CVE-2021-38508

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

4.3CVSS6.1AI score0.01527EPSS
Exploits0References1
OSV
OSV
added 2021/11/03 1:15 a.m.2 views

CVE-2021-38491

Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox 92...

6.5CVSS7.4AI score0.00852EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2021/10/13 9:30 a.m.4 views

Mozilla: Use-after-free of nsLanguageAtomService object

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

7.5CVSS7.4AI score0.0142EPSS
Exploits0References4
OSV
OSV
added 2021/08/05 8:15 p.m.3 views

CVE-2021-29975

Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain with the new domain correctly shown in the address bar resulting in possible user confusion. This vulnerability affects Firefox ...

6.5CVSS7.4AI score0.00965EPSS
Exploits1References3
OSV
OSV
added 2021/08/05 8:15 p.m.3 views

CVE-2021-29974

When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security which implies that the error should not be override-able. This issue did not...

4.3CVSS7.4AI score0.0084EPSS
Exploits0References3
OSV
OSV
added 2021/07/15 12:0 a.m.3 views

UBUNTU-CVE-2021-29975

Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain with the new domain correctly shown in the address bar resulting in possible user confusion. This vulnerability affects Firefox ...

6.5CVSS6.8AI score0.00965EPSS
Exploits1References4
OSV
OSV
added 2021/07/15 12:0 a.m.5 views

UBUNTU-CVE-2021-29974

When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security which implies that the error should not be override-able. This issue did not...

4.3CVSS6.1AI score0.0084EPSS
Exploits0References4
Rows per page
Query Builder