Lucene search
K

10 matches found

ATTACKERKB
ATTACKERKB
added 2025/07/22 8:49 p.m.3 views

CVE-2025-8038

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

9.8CVSS5.8AI score0.00225EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.2 views

SUSE CVE-2018-18349

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension...

6.5CVSS8.4AI score0.00976EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2021/02/24 3:43 p.m.3 views

Mozilla: Content Security Policy violation report could have contained the destination of a redirect

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox 86,...

4.3CVSS7.2AI score0.01212EPSS
Exploits0References5
OSV
OSV
added 2020/10/06 2:24 p.m.2 views

GHSA-2Q4G-W47C-4674 Unpreventable top-level navigation

Impact The will-navigate event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. Patches 11.0.0-beta.1 10.0.1 9.3.0 8.5.1 Workarounds Sandbox all your iframes using the...

7.5CVSS5.9AI score0.01351EPSS
Exploits0References4
NVD
NVD
added 2018/12/11 4:29 p.m.12 views

CVE-2018-18349

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension...

6.5CVSS6.7AI score0.00976EPSS
Exploits0References6
OSV
OSV
added 2018/12/11 4:29 p.m.1 views

DEBIAN-CVE-2018-18349

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension...

6.5CVSS8.4AI score0.00976EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/12/11 4:29 p.m.24 views

CVE-2018-18349

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension...

6.5CVSS6.9AI score0.00976EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/12/11 3:0 p.m.20 views

CVE-2018-18349

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension...

6.7AI score0.00976EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2018/12/05 7:3 p.m.35 views

CVE-2018-18349

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension...

6.5CVSS3.9AI score0.00976EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/06/06 12:0 a.m.35 views

CVE-2016-1697

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScrip...

8.8CVSS7.2AI score0.01849EPSS
Exploits1References3
Rows per page
Query Builder