Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Mozilla: An iframe element in an HTML email could trigger a network request

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...

Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

CVE-2022-3057

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2022-3057

CVE-2022-3057 affects Google Chrome prior to 105.0.5195.52, where an inappropriate implementation in the iframe Sandbox could allow a remote attacker to leak cross-origin data via a crafted HTML page. Affected product: Google Chrome (iframe Sandbox component). Root cause per sources: flawed Sandb...

CVE-2022-3057

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Mozilla: An iframe element in an HTML email could trigger a network request

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...

Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

Updated thunderbird packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

MGASA-2022-0347 Updated thunderbird packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

Debian DSA-5237-1 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5237 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, CSP bypass or...