Mozilla Firefox ESR < 91.5

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-02 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyso...

Mozilla Firefox < 96.0

The version of Firefox installed on the remote Windows host is prior to 96.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-01 advisory. - When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it shou...

Mozilla Thunderbird < 91.5

The version of Thunderbird installed on the remote Windows host is prior to 91.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-03 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith,...

The vulnerability of the iFrame Sandbox component in Google Chrome allows a hacker to bypass existing security restrictions.

The vulnerability of the iFrame Sandbox component in Google Chrome is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotely...

Debian DLA-2874-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2874 advisory. - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash...

CVE-2021-4140

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

UBUNTU-CVE-2021-4140

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

CVE-2021-25990

In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe...

Cross site scripting

In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe...

CVE-2021-25990

CVE-2021-25990 affects the open-source project ifme (versions v7.22.0–v7.31.4 ). The issue is a self-stored XSS in the contacts field , arising from a lack of checksum filtering of user-supplied data and its output, allowing loading of XSS payloads via an iframe. Documented impact is client-side ...

CVE-2021-25990 ifme - Stored Cross-Site Scripting (XSS) in Contacts section

In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe...

CVE-2021-25990 ifme - Stored Cross-Site Scripting (XSS) in Contacts section

In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe...

Debian DLA-2863-1 : firefox-esr - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2863 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:1632-1 Rating: important References: 1192310 1192734 1193519 1193713 Cross-References: CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012...

Brave Software: New XSS vector in ReaderMode with %READER-TITLE-NONCE%

A new XSS vulnerability was discovered in Brave iOS 1.31.1 and higher, which allowed attackers to execute malicious scripts on ReaderMode pages. The vulnerability was caused by a relaxation of the CSP rule, which allowed scripts with nonce-%READER-TITLE-NONCE% to be executed. Attackers could...

CVE-2021-38017

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

CVE-2021-38017

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

DEBIAN-CVE-2021-38017

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

CVE-2021-38017

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

UBUNTU-CVE-2021-38017

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...