CVE-2020-15174 Unpreventable top-level navigation in Electron
In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the will-navigate event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in...
Unpreventable top-level navigation
Impact: The will-navigate event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. Patches: 11.0.0-beta.1, 10.0.1, 9.3.0, 8.5.1. Workarounds: Sandbox all your iframes using the...
PT-2020-14247
Name of the Vulnerable Software and Affected Versions: Electron versions prior to 11.0.0-beta.1; Electron versions prior to 10.0.1; Electron versions prior to 9.3.0; Electron versions prior to 8.5.1. Description: The will-navigate event can be bypassed when a sub-frame performs a top-frame navigation...
Mozilla: Bypassing iframe sandbox when allowing popups
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR 78.1, Firefox 79, and...
webkitgtk: Violation of iframe sandboxing policy
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy...
ajudadireito.com.br IFRAME Injection vulnerability OBB-1354231
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: (a) verified the vulnerability and confirmed its existence; (b) notified the website operator about its existence...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists because the srcdoc content of an iframe with a sandbox attribute fails to inherit the containing page's Content Security Policy (CSP) as it should, unless the sandbox attribute included allow-same-origin...
CVE-2019-8771
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy...
efoia.bis.doc.gov IFRAME Injection vulnerability OBB-1309358
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: (a) verified the vulnerability and confirmed its existence; (b) notified the website operator about its existence...
tac.bis.doc.gov IFRAME Injection vulnerability OBB-1309331
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: (a) verified the vulnerability and confirmed its existence; (b) notified the website operator about its existence...
bis.doc.gov IFRAME Injection vulnerability OBB-1309322
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: (a) verified the vulnerability and confirmed its existence; (b) notified the website operator about its existence...
portal.fema.gov IFRAME Injection vulnerability OBB-1290537
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: (a) verified the vulnerability and confirmed its existence; (b) notified the website operator about its existence...
Acronis: Clickjacking on cas.acronis.com login page
Steps To Reproduce: Create a new HTML file. Source code: I Frame Clickjacking Vulnerability. Save the file as whatever.html. Open the document in a browser. Reference: https://hackerone.com/reports/591432. FIX: The vulnerability can be fixed by adding "frame-ancestors 'self';" to the CSP...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
RHEL 8 : firefox (RHSA-2020:3559)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3559 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
RHEL 8 : firefox (RHSA-2020:3555)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3555 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Yelp: Clickjacking leads to review removal
Steps To Reproduce: 1. Open iframe F960017. 2. You can remove reviews from this iframe. Impact: Clickjacking leads to removal of reviews...