7681 matches found

AlpineLinux
added 2023/11/21 3:15 p.m. | 19 views

CVE-2023-6210

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. This vulnerability affects Firefox 120...

CVSS 6.5 | AI score 6.2 | EPSS 0.00614
Exploits: 0
AlpineLinux
added 2023/11/21 3:15 p.m. | 20 views

CVE-2023-6211

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox 120...

CVSS 6.5 | AI score 6.2 | EPSS 0.0049
Exploits: 0
NVD
added 2023/11/21 3:15 p.m. | 13 views

CVE-2023-6210

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. This vulnerability affects Firefox 120...

CVSS 6.5 | EPSS 0.00614
Exploits: 0 | References: 3
NVD
added 2023/11/21 3:15 p.m. | 13 views

CVE-2023-6211

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox 120...

CVSS 6.5 | EPSS 0.0049
Exploits: 0 | References: 3
UbuntuCve
added 2023/11/21 3:15 p.m. | 22 views

CVE-2023-6211

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox 120...

CVSS 6.5 | AI score 6.8 | EPSS 0.0049
Exploits: 0 | References: 5
UbuntuCve
added 2023/11/21 3:15 p.m. | 18 views

CVE-2023-6210

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. This vulnerability affects Firefox 120...

CVSS 6.5 | AI score 6.8 | EPSS 0.00614
Exploits: 0 | References: 5
Prion
added 2023/11/21 3:15 p.m. | 15 views

Design/Logic Flaw

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. This vulnerability affects Firefox 120...

CVSS 4.3 | AI score 6.2 | EPSS 0.00614
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2023/11/21 3:15 p.m. | 19 views

Information disclosure

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox 120...

CVSS 4.3 | AI score 6.2 | EPSS 0.0049
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2023/11/21 2:28 p.m. | 26 views

CVE-2023-6211

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox 120...

AI score 6.8 | EPSS 0.0049
Exploits: 0 | References: 3
CVE
added 2023/11/21 2:28 p.m. | 136 views

CVE-2023-6210

The CVE-2023-6210 issue affects Mozilla Firefox and is triggered when an https page creates a pop-up from a javascript: URL that is incorrectly allowed to load blockable content (e.g., iframes) from insecure http URLs. The vulnerability affects Firefox versions earlier than 120. Root cause per th...

CVSS 6.5 | AI score 6.4 | EPSS 0.00614
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2023/11/21 2:28 p.m. | 138 views

CVE-2023-6211

CVE-2023-6211 affects Mozilla Firefox earlier than 120. The initial description states that an attacker could exploit when a user is prompted to load an insecure http: page and has HTTPS-only mode enabled, by tricking the user into clicking to grant an HTTPS-only exception through a clicking game...

CVSS 6.5 | AI score 6.4 | EPSS 0.0049
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2023/11/21 2:28 p.m. | 36 views

CVE-2023-6210

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. This vulnerability affects Firefox 120...

CVSS 6.5 | AI score 8.2 | EPSS 0.00614
Exploits: 0
Debian CVE
added 2023/11/21 2:28 p.m. | 20 views

CVE-2023-6211

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox 120...

CVSS 6.5 | AI score 8.1 | EPSS 0.0049
Exploits: 0
Tenable Nessus
added 2023/11/21 12:0 a.m. | 32 views

Fedora 39 : firefox (2023-2bd5892754)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2bd5892754 advisory. - Updated to latest upstream 120.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

CVSS 8.8 | AI score 7.6 | EPSS 0.01406
Exploits: 0 | References: 11
Mozilla
added 2023/11/21 12:0 a.m. | 147 views

Security Vulnerabilities fixed in Firefox 120 — Mozilla

On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to ...

CVSS 8.8 | AI score 8.1 | EPSS 0.01406
Exploits: 0 | References: 10 | Affected Software: 1
Tenable Nessus
added 2023/11/21 12:0 a.m. | 50 views

Mozilla Firefox < 120.0

The version of Firefox installed on the remote Windows host is prior to 120.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-49 advisory. - Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that...

CVSS 8.8 | AI score 7.9 | EPSS 0.01406
Exploits: 0 | References: 11
Tenable Nessus
added 2023/11/21 12:0 a.m. | 30 views

Oracle Linux 8 : java-21-openjdk (ELSA-2023-6887)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6887 advisory. 1:21.0.1.0.12-2.0.1 - Add Oracle vendor bug URL 1:21.0.1.0.12-2 - Switch to using portable binaries built on RHEL 7 - Sync the copy of the portable...

CVSS 5.3 | AI score 6.3 | EPSS 0.014
Exploits: 0 | References: 3
Tenable Nessus
added 2023/11/21 12:0 a.m. | 37 views

Oracle Linux 8 : python27:2.7 (ELSA-2023-7042)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7042 advisory. - Fix CVE-2021-20095 Resolves: rhbz1955615 - Fix CVE-2019-6446 - Fix CVE-2014-1858, CVE-2014-1859: 1062009, 1062359 - Security fix for CVE-2023-40217 Resolves:...

CVSS 9.8 | AI score 7.6 | EPSS 0.20459
Exploits: 14 | References: 2
Veracode
added 2023/11/17 8:12 a.m. | 27 views

Man-in-the-Middle

httpie is vulnerable to Man-in-the-Middle attacks. The vulnerability exists due to the use of urllib3.disable_warnings in client.py, which does not properly enforce hostname verification or certificate validation. This means that HTTPS warnings, crucial for debugging and security awareness, are no...

CVSS 7.4 | AI score 7 | EPSS 0.00305
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2023/11/15 4:15 a.m. | 10 views

CVE-2023-6032

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS...

CVSS 5.3 | EPSS 0.00582
Exploits: 0 | References: 1