7 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-38503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the...
firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...
DEBIAN-CVE-2023-37271
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
Mozilla: X-Frame-Options bypass using object or embed tags
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird 78 and Firefox 78.0.2...
Mozilla: X-Frame-Options bypass using object or embed tags
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird 78 and Firefox 78.0.2...
Mozilla: X-Frame-Options bypass using object or embed tags
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird 78 and Firefox 78.0.2...
UBUNTU-CVE-2014-1346
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL...