5125 matches found
Security Vulnerabilities fixed in Firefox ESR 102.9 — Mozilla
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website...
KLA48551 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in JIT...
Mozilla Firefox ESR < 102.9
The version of Firefox ESR installed on the remote Windows host is prior to 102.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-10 advisory. - Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs...
Information Disclosure
Google Chrome is vulnerable to Information Disclosure. The vulnerability exists due to the inappropriate implementation in Paint, which allows an attacker to leak cross-origin data outside an iframe via a crafted HTML page...
Inappropriate Implementation
Google Chrome is vulnerable to Inappropriate Implementation. The vulnerability exists in the iframe Sandbox in the library, which allows an attacker to bypass file download restrictions via a crafted HTML page...
stoupasmetal.gr IFRAME Injection vulnerability OBB-3215342
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
olympoushop.jemify.gr IFRAME Injection vulnerability OBB-3215341
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
carrer.gr IFRAME Injection vulnerability OBB-3215338
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
velosport.kiev.ua IFRAME Injection vulnerability OBB-3215335
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
jdpportal.norfolk.gov.uk IFRAME Injection vulnerability OBB-3215332
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Deanonymizing OpenSea NFT Owners via Cross-Site Search Vulnerability
TLDR Recently, a cross-site search vulnerability was discovered affecting the popular NFT marketplace OpenSea. When successfully exploited, this issue allows for the deanonymization of OpenSea users by linking an IP address, a browser session, or an email in certain conditions to a specific...
SUSE CVE-2023-1236
Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. Chromium security severity: Low...
CVE-2018-25081
Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations e.g., an apple.com IFRAME element on the icloud.com website and that "Auto-fill on page load" is not...
Design/Logic Flaw
DISPUTED Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations e.g., an apple.com IFRAME element on the icloud.com website and that "Auto-fill on page load" is...
Bitwarden 安全漏洞
Bitwarden is an open source password manager from Bitwarden Inc. in the United States. A security vulnerability exists in Bitwarden version 2023.2.1 and prior versions, which stems from a password being auto-populated in a cross-domain IFRAME element...
CVE-2022-40959
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...
PT-2023-10822 · Bitwarden · Bitwarden
Name of the Vulnerable Software and Affected Versions: Bitwarden versions through 2023.2.1 Description: The issue allows password auto-fill within a cross-domain IFRAME element. The vendor notes that there have been important legitimate cross-domain configurations, such as an apple.com IFRAME...
CVE-2018-25081
Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations e.g., an apple.com IFRAME element on the icloud.com website and that "Auto-fill on page load" is not...
CVE-2018-25081
CVE-2018-25081 concerns Bitwarden up to version 2023.2.1, where password auto-fill can occur within a cross-domain IFRAME element. The issue is described across multiple records as a cross-domain auto-fill risk, with the vendor noting legitimate use cases (e.g., apple.com in an icloud.com IFRAME)...
CVE-2018-25081
Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations e.g., an apple.com IFRAME element on the icloud.com website and that "Auto-fill on page load" is not...