5124 matches found
yourcouncil.nsw.gov.au IFRAME Injection vulnerability OBB-2384008
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aa.eplace.eea.mass.gov IFRAME Injection vulnerability OBB-2384007
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: aa.eplace.eea.mass.gov. Open Bug...
financedept.up.gov.lk IFRAME Injection vulnerability OBB-2384006
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2022:14896-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14896-1 advisory. - A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary...
openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2022:0559-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0559-1 advisory. - It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when...
Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection
Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Date: 16/12/2021 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site t...
Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Vulnerability
Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site to be iframed...
Thinfinity VirtualUI 2.5.41.0 IFRAME Injection
Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Date: 16/12/2021 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site t...
A vulnerability in the iframe element of Mozilla Firefox allows an attacker to circumvent the imposed security restrictions.
The vulnerability in the iframe element of Mozilla Firefox and the Mozilla Thunderbird email client is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions by adding an iframe element with a JavaScript event to the...
Oracle Linux 7 : thunderbird (ELSA-2022-0538)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0538 advisory. 91.6.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 91.6.0-1 - Update to 91.6....
Oracle Linux 7 : firefox (ELSA-2022-0514)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0514 advisory. 91.6.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.j...
Oracle Linux 8 : thunderbird (ELSA-2022-0535)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0535 advisory. 91.6.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.6.0-1 - Update to 91.6.0 build1 Tenable has...
Mozilla: Sandboxed iframes could have executed script if the parent appended elements
The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...
Debian DSA-5074-1 : thunderbird - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5074 advisory. - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs show...
MGASA-2022-0061 Updated thunderbird packages fix security vulnerabilities
If a user installed an extension of a particular type, the extension could have auto-updated itself and, while doing so, bypass the prompt which grants the new version the new requested permissions (CVE-2022-22754). If a user was convinced to drag and drop an image to their desktop or other folder,...
Updated thunderbird packages fix security vulnerabilities
If a user installed an extension of a particular type, the extension could have auto-updated itself and, while doing so, bypass the prompt which grants the new version the new requested permissions (CVE-2022-22754). If a user was convinced to drag and drop an image to their desktop or other folder,...
MGASA-2022-0057 Updated firefox packages fix security vulnerability
If a user installed an extension of a particular type, the extension could have auto-updated itself and, while doing so, bypass the prompt which grants the new version the new requested permissions (CVE-2022-22754). If a user was convinced to drag and drop an image to their desktop or other folder,...
Google Chrome Access Control Error Vulnerability (CNVD-2022-45569)
Google Chrome is a web browser from Google, Inc. An access control error vulnerability exists in versions of Google Chrome prior to 98.0.4758.80, which can be exploited by remote attackers to bypass the iframe sandbox via a carefully crafted HTML page...
CVE-2022-22807
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert former...