5125 matches found
Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks...
Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks...
Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks...
Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks...
Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks...
Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks...
Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks...
Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks...
USN-5816-1: Firefox vulnerabilities
Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. CVE-2023-23597 Tom...
USN-5816-1 firefox vulnerabilities
Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. CVE-2023-23597 Tom...
RHEL 9 : firefox (RHSA-2023:0286)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0286 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
SUSE SLES15: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2023:0112-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0112-1 advisory. - Updated to version 102.7.0 ESR bsc1207119: - CVE-2022-46871: Updated an out of date library libusrsctp which contained several...
SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2023:0111-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0111-1 advisory. - Updated to version 102.7.0 ESR bsc1207119: - CVE-2022-46871: Updated an out of date library libusrsctp which contained several...
KLA20174 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Security bypass vulnerability in libusrsctp can be exploited...
CVE-2023-23601
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
UBUNTU-CVE-2023-23601
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
Mozilla Firefox ESR < 102.7
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-02 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and...
Chromium:CVE-2023-0131: Inappropriate implementation in iframe Sandbox
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
KLA20163 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Implementation vulnerability in File System API can be exploited to caus...
Google Chrome iframe Sandbox Code Issue Vulnerability
Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions of Google Chrome prior to 109.0.5414.74, which stems from an improper implementation of its iframe Sandbox, and can be exploited by remote attackers to bypass file download restrictions...