
5125 matches found

Mozilla
added 2023/03/14 12:0 a.m., 46 views

Security Vulnerabilities fixed in Firefox ESR 102.9 — Mozilla

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website...

CVSS 8.8, AI score 1, EPSS 0.00798
Exploits: 0, References: 6, Affected Software: 1

Kaspersky
added 2023/03/14 12:0 a.m., 38 views

KLA48551 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in JIT...

CVSS 8.8, AI score 9.3, EPSS 0.00798
Exploits: 0, References: 3

Tenable Nessus
added 2023/03/14 12:0 a.m., 32 views

Mozilla Firefox ESR < 102.9

The version of Firefox ESR installed on the remote Windows host is prior to 102.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-10 advisory. - Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs...

CVSS 8.8, AI score 8.1, EPSS 0.00798
Exploits: 0, References: 7

Veracode
added 2023/03/13 5:45 a.m., 37 views

Information Disclosure

Google Chrome is vulnerable to Information Disclosure. The vulnerability exists due to the inappropriate implementation in Paint, which allows an attacker to leak cross-origin data outside an iframe via a crafted HTML page...

CVSS 4.3, AI score 4.9, EPSS 0.00458
Exploits: 1, References: 3, Affected Software: 1

Veracode
added 2023/03/12 10:34 p.m., 20 views

Inappropriate Implementation

Google Chrome is vulnerable to Inappropriate Implementation. The vulnerability exists in the iframe Sandbox in the library, which allows an attacker to bypass file download restrictions via a crafted HTML page...

CVSS 6.5, AI score 6.9, EPSS 0.00595
Exploits: 0, References: 5, Affected Software: 1

Openbugbounty
added 2023/03/10 12:6 a.m., 20 views

stoupasmetal.gr IFRAME Injection vulnerability OBB-3215342

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0

Openbugbounty
added 2023/03/10 12:3 a.m., 16 views

olympoushop.jemify.gr IFRAME Injection vulnerability OBB-3215341

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0

Openbugbounty
added 2023/03/09 11:47 p.m., 18 views

carrer.gr IFRAME Injection vulnerability OBB-3215338

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0

Openbugbounty
added 2023/03/09 11:36 p.m., 13 views

velosport.kiev.ua IFRAME Injection vulnerability OBB-3215335

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0

Openbugbounty
added 2023/03/09 11:20 p.m., 18 views

jdpportal.norfolk.gov.uk IFRAME Injection vulnerability OBB-3215332

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 0.1
Exploits: 0

Imperva Blog
added 2023/03/09 2:0 p.m., 28 views

Deanonymizing OpenSea NFT Owners via Cross-Site Search Vulnerability

TLDR Recently, a cross-site search vulnerability was discovered affecting the popular NFT marketplace OpenSea. When successfully exploited, this issue allows for the deanonymization of OpenSea users by linking an IP address, a browser session, or an email in certain conditions to a specific...

AI score 7.1
Exploits: 0

SUSE CVE
added 2023/03/09 3:53 a.m., 2 views

SUSE CVE-2023-1236

Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3, AI score 8.5, EPSS 0.00459
Exploits: 0, References: 6

NVD
added 2023/03/09 12:15 a.m., 28 views

CVE-2018-25081

Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations e.g., an apple.com IFRAME element on the icloud.com website and that "Auto-fill on page load" is not...

CVSS 7.5, AI score 7.8, EPSS 0.01029
Exploits: 1, References: 4

Prion
added 2023/03/09 12:15 a.m., 13 views

Design/Logic Flaw

DISPUTED Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations e.g., an apple.com IFRAME element on the icloud.com website and that "Auto-fill on page load" is...

CVSS 5, AI score 7.8, EPSS 0.01029
Exploits: 1, References: 4, Affected Software: 1

CNNVD
added 2023/03/09 12:0 a.m., 3 views

Bitwarden Security Vulnerability

Bitwarden is an open source password manager from Bitwarden Inc. in the United States. A security vulnerability exists in Bitwarden version 2023.2.1 and prior versions, which stems from a password being auto-populated in a cross-domain IFRAME element...

CVSS 7.5, AI score 7.3, EPSS 0.01029
Exploits: 1, References: 4

RedhatCVE
added 2023/03/08 10:22 p.m., 49 views

CVE-2022-40959

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

CVSS 7.5, AI score 2.5, EPSS 0.01284
Exploits: 0, References: 4

Positive Technologies
added 2023/03/08 12:0 a.m., 4 views

PT-2023-10822 · Bitwarden · Bitwarden

Name of the Vulnerable Software and Affected Versions: Bitwarden versions through 2023.2.1 Description: The issue allows password auto-fill within a cross-domain IFRAME element. The vendor notes that there have been important legitimate cross-domain configurations, such as an apple.com IFRAME...

CVSS 7.5, AI score 7.4, EPSS 0.01029
Exploits: 1, References: 9

Vulnrichment
added 2023/03/08 12:0 a.m., 12 views

CVE-2018-25081

Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations e.g., an apple.com IFRAME element on the icloud.com website and that "Auto-fill on page load" is not...

AI score 7.2, EPSS 0.01029
Exploits: 1, References: 4

CVE
added 2023/03/08 12:0 a.m., 89 views

CVE-2018-25081

CVE-2018-25081 concerns Bitwarden up to version 2023.2.1, where password auto-fill can occur within a cross-domain IFRAME element. The issue is described across multiple records as a cross-domain auto-fill risk, with the vendor noting legitimate use cases (e.g., apple.com in an icloud.com IFRAME)...

CVSS 7.5, AI score 7.7, EPSS 0.01029
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2023/03/08 12:0 a.m., 21 views

CVE-2018-25081

Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations e.g., an apple.com IFRAME element on the icloud.com website and that "Auto-fill on page load" is not...

AI score 7.8, EPSS 0.01029
Exploits: 1, References: 4