5125 matches found
CVE-2024-6611
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2024-6608
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2024-6611 Incorrect handling of SameSite cookies
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2024-6608 Cursor could be moved out of the viewport using pointerlock.
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2024-6608
The CVE-2024-6608 issue affects Mozilla Firefox (and related Thunderbird components) where pointerlock can move the cursor from within an iframe to outside the viewport and even outside the Firefox window. Affected versions are Firefox < 128 and Thunderbird
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox due to an error when moving the cursor using the pointerlock in an iframe. An attacker can exploit the vulnerability to bypass security restrictions...
LINE client for iOS vulnerable to universal cross-site scripting
Overview: The in-app browser of LINE client for iOS provided by LY Corporation contains a universal cross-site scripting vulnerability (CWE-79, CVE-2024-5739). LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact: If a user clicks a malicious...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
ALSA-2024:3954 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fixes: firefox: Use-after-free in networking (CVE-2024-5702); firefox: Use-after-free in JavaScript object transplant...
Security Vulnerabilities fixed in Thunderbird 115.12 — Mozilla
Memory corruption in the networking stack could have led to a potentially exploitable crash. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. By monitoring the time certain operations take, an attacker could have guessed which...
BIT-SUITECRM-2024-36417 SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added to some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
CVE-2024-5739
The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app...
CVE-2024-5739
CVE-2024-5739 affects the LINE client for iOS prior to 14.9.0, where the in‑app browser can be abused via a malicious iframe to execute arbitrary JavaScript in the top frame (UXSS). An attacker must trigger a click on the iframe; if exploited, this could capture or alter content and user session ...