Lucene search
K

213 matches found

CVE
CVE
added 2024/02/20 1:21 p.m.7282 views

CVE-2024-1550

CVE-2024-1550 involves a vulnerability where a malicious webpage could combine exiting fullscreen mode with requestPointerLock to reposition the user’s mouse, potentially causing confusion and unintended permission grants. Affected products include Firefox versions before 123, Firefox ESR before ...

6.1CVSS7.2AI score0.00575EPSS
Exploits0References6Affected Software2
Debian CVE
Debian CVE
added 2024/02/20 1:21 p.m.29 views

CVE-2024-1550

A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects...

6.1CVSS7.9AI score0.00575EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.43 views

Rocky Linux 8 : thunderbird (RLSA-2022:0129)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0129 advisory. - It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefox...

10CVSS7.8AI score0.0134EPSS
Exploits6References25
Tenable Nessus
Tenable Nessus
added 2023/10/30 12:0 a.m.35 views

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6456-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6456-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...

9.8CVSS7.7AI score0.01585EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/10/27 12:56 a.m.4 views

SUSE CVE-2023-5729

A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...

4.3CVSS8.4AI score0.00586EPSS
Exploits0References7
OSV
OSV
added 2023/10/25 6:17 p.m.4 views

CVE-2023-5729

A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...

4.3CVSS7.2AI score0.00586EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/10/25 12:0 a.m.23 views

CVE-2023-5729

A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...

4.3CVSS6.1AI score0.00586EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/10/24 12:47 p.m.23 views

CVE-2023-5729

A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...

6.3AI score0.00586EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/10/24 12:47 p.m.23 views

CVE-2023-5729

A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...

4.3CVSS7.3AI score0.00586EPSS
Exploits0
NVD
NVD
added 2023/06/02 5:15 p.m.24 views

CVE-2023-25730

A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

5.4CVSS6.1AI score0.00546EPSS
Exploits0References4
Prion
Prion
added 2023/06/02 5:15 p.m.21 views

Design/Logic Flaw

A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.This bug only affects Firefox Focus. Other versions of Firefox are unaffected.. This vulnerability affects Firefox 110 and Firefox ESR 102.8...

5CVSS7.1AI score0.00649EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/06/02 5:15 p.m.25 views

CVE-2023-25743

A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.This bug only affects Firefox Focus. Other versions of Firefox are unaffected.. This vulnerability affects Firefox 110 and Firefox ESR 102.8...

7.5CVSS7.1AI score0.00649EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/06/02 12:0 a.m.20 views

CVE-2023-25730

A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

6.4AI score0.00546EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/02 12:0 a.m.9 views

CVE-2023-25743

A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.This bug only affects Firefox Focus. Other versions of Firefox are unaffected.. This vulnerability affects Firefox 110 and Firefox ESR 102.8...

6.1AI score0.00649EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/06/02 12:0 a.m.27 views

CVE-2023-25730

A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

5.4CVSS7.4AI score0.00546EPSS
Exploits0
CVE
CVE
added 2023/06/02 12:0 a.m.184 views

CVE-2023-25743

The provided documents confirm CVE-2023-25743 affects Firefox Focus and describes a vulnerability where there is a lack of in-app notification when entering fullscreen mode. This could allow a malicious website to spoof the browser chrome. The root cause is the missing fullscreen notification in ...

7.5CVSS7.2AI score0.00649EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/05/30 12:0 a.m.30 views

GLSA-202305-36 : Mozilla Thunderbird: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-36 Mozilla Thunderbird: Multiple Vulnerabilities - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily...

8.8CVSS7.8AI score0.01185EPSS
Exploits2References38
ALT Linux
ALT Linux
added 2023/03/15 12:0 a.m.39 views

Security fix for the ALT Linux 10 package firefox-esr version 102.8.0-alt1

102.8.0-alt1 built March 15, 2023 Pavel Vasenkov in task 316239 March 3, 2023 Pavel Vasenkov - New ESR version. - Security fixes + CVE-2023-25728 Content security policy leak in violation reports using iframes + CVE-2023-25730 Screen hijack via browser fullscreen mode + CVE-2023-0767 Arbitrary...

8.5AI score0.00817EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/03/13 12:0 a.m.32 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5943-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5943-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...

8.8CVSS7.5AI score0.00817EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2023/02/23 12:0 a.m.33 views

AlmaLinux 9 : thunderbird (ALSA-2023:0824)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:0824 advisory. - Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP CVE-2023-0616 - An attacker could construct a PKCS 12 cert bundle in such a wa...

8.8CVSS7.8AI score0.00817EPSS
Exploits0References14
Rows per page
Query Builder