
13 matches found

Github Security Blog
added 2026/05/26 7:5 p.m., 12 views

CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Injection and Potential XSS

Summary: CryptPad’s HTML sanitizer in Diffmarked.js can be bypassed due to incomplete filtering of restricted tags. Because the sanitizer only validates the src attribute of , and elements, and does not restrict other attributes, an attacker can inject arbitrary HTML through srcdoc. This completel...

CVSS: 6.1, AI score: 6, EPSS: 0.00031
Exploits: 0, References: 4, Affected Software: 1
Tenable Nessus
added 2026/01/20 12:0 a.m., 1 views

MiracleLinux 8 : thunderbird-91.5.0-1.el8.ML.1 (AXSA:2022-2980:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-2980:02 advisory. Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140); Mozilla: Race condition when playing audio files (CVE-2022-22737); Mozilla: Heap-buffer-overflow...

CVSS: 10, AI score: 7.3, EPSS: 0.00609
Exploits: 6, References: 13
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-9387

Malware in sbrugna...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00045
Exploits: 0, References: 2
RedHat Linux
added 2022/07/01 12:27 a.m., 1 views

Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI

The Mozilla Foundation Security Advisory describes this flaw as: An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link...

CVSS: 8.8, AI score: 7.3, EPSS: 0.00523
Exploits: 0, References: 6
UbuntuCve
added 2022/02/09 12:0 a.m., 22 views

CVE-2022-22759

If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...

CVSS: 9.6, AI score: 6.8, EPSS: 0.00328
Exploits: 0, References: 5
OSV
added 2022/01/25 12:59 p.m., 4 views

SUSE-SU-2022:14880-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT bsc1194547. - CVE-2022-22737: Fixed race condition when playing audio files bsc1194547. - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur bsc1194547. - CVE-2022-22739:...

CVSS: 10, AI score: 8.2, EPSS: 0.00609
Exploits: 6, References: 16
Tenable Nessus
added 2021/11/19 12:0 a.m., 262 views

Ubuntu 21.10 : Thunderbird vulnerabilities (USN-5152-1)

The remote Ubuntu 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5152-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...

CVSS: 10, AI score: 7.8, EPSS: 0.01293
Exploits: 0, References: 6
Tenable Nessus
added 2021/11/02 12:0 a.m., 29 views

Mozilla Firefox < 94.0

The version of Firefox installed on the remote Windows host is prior to 94.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-48 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such...

CVSS: 10, AI score: 7.4, EPSS: 0.06043
Exploits: 1, References: 14
OSV
added 2021/06/07 8:15 p.m., 1 views

DEBIAN-CVE-2021-30533

Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe...

CVSS: 6.5, AI score: 7.5, EPSS: 0.1671
Exploits: 1, References: 1
CNNVD
added 2021/05/25 12:0 a.m., 2 views

Google Chrome Permissions and Access Control Vulnerability

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A permissions and access control vulnerability exists in Google Chrome PopupBlocker in versions prior to 91.0.4472.77, which can be exploited by remote...

CVSS: 6.5, AI score: 8.4, EPSS: 0.1671
Exploits: 1, References: 11
Positive Technologies
added 2020/10/06 12:0 a.m., 2 views

PT-2020-14247

Name of the Vulnerable Software and Affected Versions: Electron versions prior to 11.0.0-beta.1; Electron versions prior to 10.0.1; Electron versions prior to 9.3.0; Electron versions prior to 8.5.1. Description: The will-navigate event can be bypassed when a sub-frame performs a top-frame navigation...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00296
Exploits: 0, References: 16
Prion
added 2019/12/18 10:15 p.m., 16 views

Design/Logic Flaw

Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service worker inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction...

CVSS: 2.1, AI score: 5.4, EPSS: 0.00045
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2016/07/23 12:0 a.m., 0 views

UBUNTU-CVE-2016-5132

The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...

CVSS: 8.8, AI score: 7.3, EPSS: 0.01594
Exploits: 0, References: 4