Lucene search

5125 matches found

AlpineLinux
added 2024/07/09 3:15 p.m. | 24 views

CVE-2024-6611

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...

CVSS 9.8 | AI score 8.7 | EPSS 0.00662 | Exploits 0
NVD
added 2024/07/09 3:15 p.m. | 15 views

CVE-2024-6608

It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox 128 and Thunderbird 128...

CVSS 4.3 | EPSS 0.00377 | Exploits 0 | References 3
Vulnrichment
added 2024/07/09 2:25 p.m. | 15 views

CVE-2024-6611 Incorrect handling of SameSite cookies

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...

AI score 8 | EPSS 0.00662 | Exploits 0 | References 3
Cvelist
added 2024/07/09 2:25 p.m. | 24 views

CVE-2024-6611 Incorrect handling of SameSite cookies

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...

EPSS 0.00662 | Exploits 0 | References 3
Debian CVE
added 2024/07/09 2:25 p.m. | 18 views

CVE-2024-6611

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...

CVSS 9.8 | AI score 7.6 | EPSS 0.00662 | Exploits 0
Vulnrichment
added 2024/07/09 2:25 p.m. | 15 views

CVE-2024-6608 Cursor could be moved out of the viewport using pointerlock.

It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox 128 and Thunderbird 128...

AI score 5.8 | EPSS 0.00377 | Exploits 0 | References 3
CVE
added 2024/07/09 2:25 p.m. | 305 views

CVE-2024-6608

The CVE-2024-6608 issue affects Mozilla Firefox (and related Thunderbird components) where pointerlock can move the cursor from within an iframe to outside the viewport and even outside the Firefox window. Affected versions are Firefox < 128 and Thunderbird

CVSS 4.3 | AI score 8.6 | EPSS 0.00377 | Exploits 0 | References 3 | Affected Software 2
Cvelist
added 2024/07/09 2:25 p.m. | 21 views

CVE-2024-6608 Cursor could be moved out of the viewport using pointerlock.

It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox 128 and Thunderbird 128...

EPSS 0.00377 | Exploits 0 | References 3
CNNVD
added 2024/07/09 12:0 a.m. | 5 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox due to an error when moving the cursor using the pointerlock in an iframe. An attacker can exploit the vulnerability to bypass security restrictions...

CVSS 4.3 | AI score 6.5 | EPSS 0.00377 | Exploits 0 | References 6
Japan Vulnerability Notes
added 2024/06/24 2:5 a.m. | 3 views

LINE client for iOS vulnerable to universal cross-site scripting

Overview: The in-app browser of LINE client for iOS provided by LY Corporation contains a universal cross-site scripting vulnerability (CWE-79, CVE-2024-5739). LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact: If a user clicks a malicious...

CVSS 6.1 | AI score 5.9 | EPSS 0.00269 | Exploits 0 | References 4
RedHat Linux
added 2024/06/20 10:36 a.m. | 6 views

Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window

The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...

CVSS 4.7 | AI score 7.3 | EPSS 0.00654 | Exploits 0 | References 6
RedHat Linux
added 2024/06/20 6:52 a.m. | 6 views

Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window

The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...

CVSS 4.7 | AI score 7.3 | EPSS 0.00654 | Exploits 0 | References 6
RedHat Linux
added 2024/06/17 1:21 p.m. | 3 views

Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window

The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...

CVSS 4.7 | AI score 7.3 | EPSS 0.00654 | Exploits 0 | References 6
OSV
added 2024/06/17 12:0 a.m. | 13 views

ALSA-2024:3954 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fixes: firefox: Use-after-free in networking (CVE-2024-5702); firefox: Use-after-free in JavaScript object transplant...

CVSS 8.6 | AI score 8.4 | EPSS 0.0107 | Exploits 1 | References 16
Mozilla
added 2024/06/13 12:0 a.m. | 54 views

Security Vulnerabilities fixed in Thunderbird 115.12 — Mozilla

Memory corruption in the networking stack could have led to a potentially exploitable crash. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. By monitoring the time certain operations take, an attacker could have guessed which...

CVSS 8.6 | AI score 7.5 | EPSS 0.0107 | Exploits 2 | References 8 | Affected Software 1
OSV
added 2024/06/12 7:36 a.m. | 17 views

BIT-SUITECRM-2024-36417 SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added to some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVSS 9 | AI score 7 | EPSS 0.00407 | Exploits 0 | References 2
OSV
added 2024/06/12 7:15 a.m. | 4 views

CVE-2024-5739

The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app...

CVSS 6.1 | AI score 5.6 | EPSS 0.00269 | Exploits 0 | References 1
CVE
added 2024/06/12 7:0 a.m. | 60 views

CVE-2024-5739

CVE-2024-5739 affects the LINE client for iOS prior to 14.9.0, where the in‑app browser can be abused via a malicious iframe to execute arbitrary JavaScript in the top frame (UXSS). An attacker must trigger a click on the iframe; if exploited, this could capture or alter content and user session ...

CVSS 6.1 | AI score 5.7 | EPSS 0.00269 | Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2024/06/12 7:0 a.m. | 25 views

CVE-2024-5739

The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app...

CVSS 6.1 | EPSS 0.00269 | Exploits 0 | References 1
Vulnrichment
added 2024/06/12 7:0 a.m. | 11 views

CVE-2024-5739

The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app...

CVSS 6.1 | AI score 5.2 | EPSS 0.00269 | Exploits 0 | References 1