20 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
When injecting an HTML base element, some requests will ignore the CSP’s base-uri settings and instead accept the base-uri setting of the injected element. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
DEBIAN-CVE-2022-40956
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
CVE-2022-40956
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5649-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5649-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
CVE-2022-40956
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
Debian dla-3123 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3123 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3123-1 [email protected]...
Oracle Linux 8 : firefox (ELSA-2022-6702)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-6702 advisory. 102.3.0-6.0.1 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 102.3.0-6 - Update to 102.3...
Mozilla: Content-Security-Policy base-uri bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...
Mozilla: Content-Security-Policy base-uri bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...
Mozilla: Content-Security-Policy base-uri bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...
Mozilla: Content-Security-Policy base-uri bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...
Mozilla: Content-Security-Policy base-uri bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...
Updated thunderbird packages fix security vulnerabilities
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...
MGASA-2022-0347 Updated thunderbird packages fix security vulnerabilities
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...
MGASA-2022-0344 Updated firefox packages fix security vulnerabilities
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...
CVE-2022-40956
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...
Mozilla Firefox 跨站脚本漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 105, which stems from the fact that when injecting HTML base elements, some requests ignore the CSP's base-uri setting and accept the...
Security Vulnerabilities fixed in Firefox ESR 102.3 — Mozilla
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...
Security Vulnerabilities fixed in Firefox 105 — Mozilla
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...
Mozilla Firefox ESR < 102.3
The version of Firefox ESR installed on the remote Windows host is prior to 102.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-41 advisory. - Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team...