5124 matches found
wz-net.de IFRAME Injection vulnerability OBB-2992292
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
icsti.int IFRAME Injection vulnerability OBB-2992015
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE SLES15: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2022:3441-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3441-1 advisory. Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr bsc1203477: - CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions ...
UBUNTU-CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
Debian dla-3123 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3123 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3123-1 [email protected]...
Oracle Linux 8 : thunderbird (ELSA-2022-6708)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-6708 advisory. 102.3.0-3.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.3.0-3 - Update to 102.3.0 build1 Tenable has...
Oracle Linux 9 : thunderbird (ELSA-2022-6717)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-6717 advisory. 102.3.0-3.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.3.0-3 - Update to 102.3.0 build1 Tenable has...
Mozilla: Bypassing FeaturePolicy restrictions on transient pages
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...
Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...
Mozilla: An iframe element in an HTML email could trigger a network request
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...
CVE-2022-3057
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
DEBIAN-CVE-2022-3057
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2022-3057
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
UBUNTU-CVE-2022-3057
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Mozilla: An iframe element in an HTML email could trigger a network request
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...
Mozilla: Bypassing FeaturePolicy restrictions on transient pages
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...
Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...
Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...
Mozilla: Bypassing FeaturePolicy restrictions on transient pages
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...
Mozilla: An iframe element in an HTML email could trigger a network request
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...