5104 matches found
Astra Linux - уязвимость в webkit2gtk
Description: A cross-origin issue with iframe elements was addressed by improving the tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6, iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5. Processing maliciously crafted web content may lead to cross-site...
Astra Linux - уязвимость в firefox, thunderbird
It was possible to create specific XSLT markup that could bypass the iframe sandbox. This vulnerability affects Firefox ESR versions prior to 91.5, Firefox versions prior to 96, and Thunderbird versions prior to 91.5...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в thunderbird
When receiving an HTML email that instructed to load an iframe element from a remote location, a request was sent to the remote document. However, Thunderbird did not display the document. This vulnerability affects Thunderbird versions 102.2.1 and Thunderbird 91.13.1...
Astra Linux - уязвимость в firefox
When Firefox is configured to block the storage of all cookies, it is still possible to store data in localstorage by using an iframe with a source of ‘about:blank’. This could allow malicious websites to store tracking data without permission. This vulnerability affects Firefox versions earlier...
Astra Linux - уязвимость в firefox, thunderbird
When navigating from within an iframe while requesting fullscreen access, a tab controlled by an attacker could prevent the browser from exiting fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Astra Linux - уязвимость в firefox, thunderbird
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
Astra Linux - уязвимость в webkit2gtk
This issue has been addressed through improved enforcement of iframe sandbox rules. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
Astra Linux - уязвимость в firefox, thunderbird
Dragging a URL from a cross-origin iframe that was removed during the drag-and-drop process could lead to user confusion and website spoofing attacks. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...
Astra Linux - уязвимость в thunderbird, firefox
Navigation was allowed when dragging a URL from a cross-origin iframe into the same tab, which could lead to website spoofing attacks. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
Astra Linux - уязвимость в firefox, thunderbird
Due to a layout change, the contents of iframes might be rendered outside of their borders. This could lead to user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...
Astra Linux - уязвимость в firefox, thunderbird
Using tables within an iframe, an attacker could cause the iframe contents to be rendered outside the boundaries of the iframe, leading to potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Web Browser UI of Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...
Astra Linux - уязвимость в firefox
The element could have been manipulated to display content outside of a sandboxed iframe. This could allow untrusted content to be displayed under the guise of trusted content. This vulnerability affects Firefox versions earlier than 121...
Astra Linux - уязвимость в firefox, thunderbird
An iframe from a cross-origin origin that references an XSLT document would inherit the permissions of the parent domain such as access to microphones or cameras. This vulnerability affects Thunderbird 102.2, Thunderbird 91.13, Firefox ESR 91.13, Firefox ESR 102.2, and Firefox 104...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux - уязвимость в firefox, thunderbird
The Content-Security-Policy-Report-Only header could allow an attacker to leak the unredacted URI of a child iframe when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
Astra Linux - уязвимость в firefox, thunderbird
An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...
Astra Linux - уязвимость в thunderbird
When receiving an HTML email that contained an iframesrcdoc attribute to define the inner HTML document, remote objects specified in the nested document—such as images or videos—were not blocked. Instead, the network was accessed, the objects were loaded, and displayed. This vulnerability affects...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. Chromium security severity: Medium...