5124 matches found
Mozilla: iframe Sandbox bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...
Mozilla: iframe Sandbox bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...
Mozilla: iframe Sandbox bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...
Mozilla Thunderbird < 91.9
The version of Thunderbird installed on the remote Windows host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-18 advisory. - Mozilla developers Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in...
Mozilla Thunderbird < 91.9
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-18 advisory. - Mozilla developers Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs...
RHEL 7 : thunderbird (RHSA-2022:1725)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1725 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.0. Security Fixes: Mozilla:...
RHEL 8 : thunderbird (RHSA-2022:1727)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1727 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.0. Security Fixes: Mozilla:...
Mozilla: iframe Sandbox bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...
Mozilla: iframe Sandbox bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...
Mozilla: iframe Sandbox bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...
Mozilla: iframe Sandbox bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...
Mozilla: iframe Sandbox bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...
RHEL 8 : firefox (RHSA-2022:1705)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1705 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
RHEL 7 : firefox (RHSA-2022:1703)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1703 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
RHEL 8 : firefox (RHSA-2022:1701)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1701 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
UBUNTU-CVE-2022-29911
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...
CVE-2022-29911
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...
CVE-2022-29911
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...
Security Vulnerabilities fixed in Firefox 100 — Mozilla
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existin...
Security Vulnerabilities fixed in Firefox ESR 91.9 — Mozilla
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existin...