52 matches found
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe...
Astra Linux - уязвимость в firefox, thunderbird
When navigating from within an iframe while requesting fullscreen access, a tab controlled by an attacker could prevent the browser from exiting fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Astra Linux - уязвимость в firefox, thunderbird
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized, resulting in a bypass that allowed device permissions to be leaked into untrusted sub-documents. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
CVE-2025-14812
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...
CVE-2025-14812
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...
EUVD-2025-204563
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...
CVE-2025-14812 Address bar spoofing risk in Arc Search on iOS
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...
CVE-2025-14812 Address bar spoofing risk in Arc Search on iOS
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...
CVE-2025-14812
CVE-2025-14812 affects ArcSearch for iOS (Browser Company) prior to version 1.45.2. Affected behavior: after iframe-triggered URI-scheme navigation, the address bar may display a different domain than the content being shown, enabling spoofing risk. Root cause (as described in connected sources):...
PT-2025-52489
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...
Browser Company ArcSearch 安全漏洞
Browser Company ArcSearch is a mobile browser from the US-based Browser Company. A security vulnerability exists in Browser Company ArcSearch versions prior to 1.45.2 that stems from iframe-triggered URI navigation leading to address bar spoofing, which may increase the risk of spoofing...
EUVD-2022-44205
Malicious code in bioql PyPI...
SUSE CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
DEBIAN-CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
CVE-2022-22743
When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
CVE-2022-40959
The CVE-2022-40959 entry corresponds to a Mozilla vulnerability where during iframe navigation, FeaturePolicy was not fully initialized, allowing a bypass that leaked device permissions to untrusted subdocuments. Affected products include Firefox ESR before 102.3, Thunderbird before 102.3, and Fi...