5124 matches found

Tenable Nessus
added 2022/09/22 12:0 a.m., 27 views

Mozilla Thunderbird < 102.3

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-42 advisory. - Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla...

CVSS 8.8, AI score 8.1, EPSS 0.01342
Exploits: 0, References: 9
OSV
added 2022/09/21 6:15 p.m., 6 views

MGASA-2022-0344 Updated firefox packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

CVSS 8.8, AI score 8.1, EPSS 0.01342
Exploits: 0, References: 6
CNNVD
added 2022/09/20 12:0 a.m., 2 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 105, which stems from a FeaturePolicy not being fully initialized on certain pages during iframe navigation, which could lead to a...

CVSS 6.5, AI score 7.7, EPSS 0.01284
Exploits: 0, References: 17
Tenable Nessus
added 2022/09/20 12:0 a.m., 52 views

Mozilla Firefox ESR < 102.3

The version of Firefox ESR installed on the remote Windows host is prior to 102.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-41 advisory. - Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team...

CVSS 8.8, AI score 8.2, EPSS 0.01342
Exploits: 0, References: 8
Mozilla
added 2022/09/20 12:0 a.m., 310 views

Security Vulnerabilities fixed in Firefox 105 — Mozilla

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...

CVSS 6.5, AI score 1.8, EPSS 0.01284
Exploits: 0, References: 9, Affected Software: 1
Veracode
added 2022/09/19 1:0 p.m., 28 views

Unsecured File

thunderbird allows unsecured files. The vulnerability exists due to an issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or videos, were no...

CVSS 6.5, AI score 7.2, EPSS 0.00663
Exploits: 0, References: 4, Affected Software: 3
Veracode
added 2022/09/19 1:0 p.m., 22 views

Uninformed Request

thunderbird has uninformed request. The vulnerability exists due to a flaw found in Mozilla sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location...

CVSS 4.3, AI score 6.4, EPSS 0.00529
Exploits: 0, References: 4, Affected Software: 3
Veracode
added 2022/09/16 7:26 p.m., 24 views

Information Disclosure

chrome is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization of the implementation in iframe Sandbox allowing an attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5, AI score 6.7, EPSS 0.00514
Exploits: 0, References: 6, Affected Software: 2
0day.today
added 2022/09/13 12:0 a.m., 240 views

Infix LMS 4.3.0 IFRAME Injection Vulnerability

Exploit Title: Infix LMS - Learning Management System IFRAME Injection Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/infixlms-learning-management-system/30626608 Version: 4.3.0 Tested on Ubuntu 18.04 sign up as teacher go course page...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2022/09/13 12:0 a.m., 33 views

openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10119-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10119-1 advisory. - Use after free in Network Service. CVE-2022-3038 - Use after free in WebSQL. CVE-2022-3039, CVE-2022-3041 - Use after free in Layout...

CVSS 9.6, AI score 7.9, EPSS 0.24738
Exploits: 1, References: 50
Packet Storm
added 2022/09/12 12:0 a.m., 339 views

Infix LMS 4.3.0 IFRAME Injection

Exploit Title: Infix LMS - Learning Management System IFRAME Injection Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/infixlms-learning-management-system/30626608 Version: 4.3.0 Tested on Ubuntu 18.04 sign up as teacher go course page...

AI score 7.4
Exploits: 0
OpenVAS
added 2022/09/09 12:0 a.m., 24 views

Mozilla Firefox ESR Security Advisory (MFSA2021-49) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

CVSS 10, AI score 7.8, EPSS 0.0383
Exploits: 0, References: 1
Huntr
added 2022/09/07 4:46 a.m., 23 views

UI REDRESSING

Description Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in a transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills...

CVSS 6.8, AI score 1, EPSS 0.00933
Exploits: 1, References: 3
Tenable Nessus
added 2022/09/07 12:0 a.m., 39 views

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-249-02)

The version of mozilla-thunderbird installed on the remote host is prior to 102.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-249-02 advisory. - When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the...

CVSS 8.2, AI score 7.4, EPSS 0.00932
Exploits: 0, References: 4
Tenable Nessus
added 2022/09/06 12:0 a.m., 30 views

SUSE SLED15: MozillaFirefox / MozillaFirefox-branding-SLE / etc (SUSE-SU-2022:3030-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3030-1 advisory. Firefox Extended Support Release 91.13.0 ESR bsc1202645: - CVE-2022-38472: Fixed a potential...

CVSS 8.8, AI score 6.9, EPSS 0.00905
Exploits: 0, References: 8
Veracode
added 2022/09/04 11:42 a.m., 23 views

Arbitrary Code Execution

firefox-esr is vulnerable to arbitrary code execution. The vulnerability is possible because the cross-origin iframe referencing an XSLT document inheriting the parent domain's permissions which allows an attacker to inject and execute arbitrary commands...

CVSS 8.8, AI score 9.1, EPSS 0.00684
Exploits: 0, References: 8, Affected Software: 5
Tenable Nessus
added 2022/09/03 12:0 a.m., 37 views

SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2022:3007-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3007-1 advisory. Firefox Extended Support Release 91.13.0 ESR bsc1202645: - CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error...

CVSS 8.8, AI score 6.9, EPSS 0.00905
Exploits: 0, References: 8
BDU FSTEC
added 2022/09/02 12:0 a.m., 5 views

The vulnerability of the Thunderbird email client, related to errors in processing input data, allows a hacker to circumvent existing security restrictions.

The vulnerability of the Thunderbird email client is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by sending a specially crafted email with the iframe srcdoc attribute...

CVSS 10, AI score 6.7, EPSS 0.00663
Exploits: 0, References: 9, Affected Software: 4
BDU FSTEC
added 2022/09/02 12:0 a.m., 4 views

The vulnerability in the isolated iframe of the Thunderbird email client allows a hacker to circumvent existing security restrictions.

The vulnerability of the isolated iframe environment in the Thunderbird email client is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by sending specially crafted electronic emails...

CVSS 10, AI score 5.8, EPSS 0.00529
Exploits: 0, References: 9, Affected Software: 4
Tenable Nessus
added 2022/09/02 12:0 a.m., 63 views

Microsoft Edge (Chromium) < 105.0.1343.25 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.25. It is, therefore, affected by multiple vulnerabilities as referenced in the September 1, 2022 advisory. - Use after free in Network Service. CVE-2022-3038 - Use after free in WebSQL. CVE-2022-3039,...

CVSS 8.8, AI score 7.2, EPSS 0.24738
Exploits: 1, References: 31