Nivistealer - Steal Victim Images Exact Location Device Info And Much More

Steal Victim Images Exact Location Device Info And Much More Features of Nivi-Stealer: Steal Ip Steal Device Info Uses Device Gps to steal exact location Steal pic from front camera Send logs to discord also save them locally in a txt file Works on android,windows,linux,mac os Uses iframe to load...

Updated thunderbird packages fix security vulnerabilities

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash CVE-2022-26381. When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification CVE-2022-26383. If an attacker coul...

AlmaLinux 8 : firefox (ALSA-2022:0510)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0510 advisory. - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs...

AlmaLinux 8 : thunderbird (ALSA-2022:0535)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0535 advisory. - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5321-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5321-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

RHEL 8 : firefox (RHSA-2022:0816)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0816 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

DEBIAN-CVE-2021-3660

Cockpit and its plugins do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...

UBUNTU-CVE-2021-3660

Cockpit and its plugins do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...

Mozilla: iframe allow-scripts sandbox bypass

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox...

Mozilla: iframe allow-scripts sandbox bypass

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox...

Mozilla: iframe allow-scripts sandbox bypass

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox...

Mozilla: iframe allow-scripts sandbox bypass

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox...

Mozilla: iframe allow-scripts sandbox bypass

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox...

Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fixes: Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 Mozilla: Use-after-free in WebGPU IPC Framework...

Remote Code Execution (RCE)

firefox is vulnerable to remote code execution. The vulnerability exists due to a lack of validation of access allowing and attacker to control the contents of an iframe sandboxed with allow-popups but not allow-scripts...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-068-01)

The version of mozilla-thunderbird installed on the remote host is prior to 91.7.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-068-01 advisory. - If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, the...

Mozilla Firefox Permission License and Access Control Issues Vulnerability (CNVD-2023-59958)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a permissions licensing and access control issue vulnerability that stems from a logic error when handling iframes. The vulnerability can be exploited by an attacker to...

Debian DLA-2942-1 : firefox-esr - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2942 advisory. - If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, woul...

CVE-2022-26384

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox...

GHSA-5RCC-6CMJ-7728 Cross-site Scripting in BookStack

Iframe tags don't have a sandbox attribute, this makes an attacker able to execute malicious javascript via an iframe and perform phishing attacks. The sandbox attribute will block script execution and prevents the content to navigate its top-level browsing context which will stop this type of...