213 matches found
CVE-2024-1550
CVE-2024-1550 involves a vulnerability where a malicious webpage could combine exiting fullscreen mode with requestPointerLock to reposition the user’s mouse, potentially causing confusion and unintended permission grants. Affected products include Firefox versions before 123, Firefox ESR before ...
CVE-2024-1550
A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects...
Rocky Linux 8 : thunderbird (RLSA-2022:0129)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0129 advisory. - It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefox...
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6456-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6456-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...
SUSE CVE-2023-5729
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...
CVE-2023-5729
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...
CVE-2023-5729
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...
CVE-2023-5729
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...
CVE-2023-5729
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...
CVE-2023-25730
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
Design/Logic Flaw
A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.This bug only affects Firefox Focus. Other versions of Firefox are unaffected.. This vulnerability affects Firefox 110 and Firefox ESR 102.8...
CVE-2023-25743
A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.This bug only affects Firefox Focus. Other versions of Firefox are unaffected.. This vulnerability affects Firefox 110 and Firefox ESR 102.8...
CVE-2023-25730
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
CVE-2023-25743
A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.This bug only affects Firefox Focus. Other versions of Firefox are unaffected.. This vulnerability affects Firefox 110 and Firefox ESR 102.8...
CVE-2023-25730
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
CVE-2023-25743
The provided documents confirm CVE-2023-25743 affects Firefox Focus and describes a vulnerability where there is a lack of in-app notification when entering fullscreen mode. This could allow a malicious website to spoof the browser chrome. The root cause is the missing fullscreen notification in ...
GLSA-202305-36 : Mozilla Thunderbird: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-36 Mozilla Thunderbird: Multiple Vulnerabilities - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily...
Security fix for the ALT Linux 10 package firefox-esr version 102.8.0-alt1
102.8.0-alt1 built March 15, 2023 Pavel Vasenkov in task 316239 March 3, 2023 Pavel Vasenkov - New ESR version. - Security fixes + CVE-2023-25728 Content security policy leak in violation reports using iframes + CVE-2023-25730 Screen hijack via browser fullscreen mode + CVE-2023-0767 Arbitrary...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5943-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5943-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
AlmaLinux 9 : thunderbird (ALSA-2023:0824)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:0824 advisory. - Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP CVE-2023-0616 - An attacker could construct a PKCS 12 cert bundle in such a wa...