19 matches found
EUVD-2022-27886
Malicious code in bioql PyPI...
SUSE CVE-2020-26954
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
Code injection
When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Code injection
When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
CVE-2022-22743
CVE-2022-22743 affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird
CVE-2022-22741
CVE-2022-22741: A fullscreen-related issue in Firefox/Thunderbird where resizing a popup while requesting fullscreen could trap the popup in fullscreen and prevent exit. Affected: Firefox ESR < 91.5, Firefox < 96, Thunderbird
CVE-2022-26383
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91.7...
SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2022:0906-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0906-1 advisory. - An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5321-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5321-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
MGASA-2022-0093 Updated firefox packages fix security vulnerabilities
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash (CVE-2022-26381). When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification (CVE-2022-26383). If an attacker coul...
SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2022:0199-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0199-1 advisory. - It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox...
MGASA-2022-0019 Updated thunderbird packages fix security vulnerability
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox (CVE-2021-4140). Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable cra...
CVE-2022-22741
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When resizing a popup and requesting fullscreen access, the popup would have become unable to leave fullscreen mode...
Mozilla: Missing fullscreen and pointer lock notification when requesting both
The Mozilla Foundation Security Advisory describes this flaw as: By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks...
Mozilla: Missing fullscreen and pointer lock notification when requesting both
The Mozilla Foundation Security Advisory describes this flaw as: By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks...
CVE-2021-23976
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
CVE-2021-23976
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
CVE-2021-23976
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
Cross site scripting
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...