CVE-2016-5262
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS)...
Scripts on marquee tag can execute in sandboxed iframes — Mozilla
Security researcher Nikita Arykov reported that JavaScript event handler attributes on a marquee tag will execute inside a sandboxed iframe that does not have the allow-scripts flag set. This could result in a cross-site scripting (XSS) vulnerability in a site that depends on the iframe sandbox for...
LastPass Firefox Extension 4.0 < 4.1.21a Message Hijacking
According to its version, the LastPass Firefox extension installed on the remote Windows host is 4.0.x prior to 4.1.21a. It is, therefore, affected by a message hijacking vulnerability due to improper validation of messages sent between the extension and a privileged iframe. An unauthenticated,...
See how I use LastPass to get to all your password-vulnerability warning-the black bar safety net
Please note: the manufacturer has successfully fixed this issue, and the relevant information to inform a LastPass user. Vulnerability status: has been fixed. Repair time frame: 90 days. Vulnerability level: severe. Manufacturer: LastPass. Product: LastPass. Report Date: 2016-7-26, Vulnerability overvi...
LastPass Patches Ormandy Remote Compromise Flaw
LastPass has patched a vulnerability in its Firefox add-on found by Google Project Zero researcher Tavis Ormandy that allows attackers complete remote compromise of the password manager. The divisive Ormandy submitted a bug report on Tuesday to LastPass after a series of tweets hinting at serio...
chromium-browser: limited same-origin bypass in service workers
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...
mojevideo.cz IFRAME Injection vulnerability
Vulnerable URL: http://www.mojevideo.cz/link.php?url=http://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 7646016 VIP website status:| No Check...
CVE-2016-5132
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...
UBUNTU-CVE-2016-5132
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...
jericoacoaraturismo.com.br IFRAME Injection vulnerability
Vulnerable URL: http://www.jericoacoaraturismo.com.br/redir.php?url=http://openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 24.11.2017 Latest check for patch:| 24.11.2017 11:44 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank|...
delta-xray.net IFRAME Injection vulnerability
Vulnerable URL: http://www.delta-xray.net/redir.php?URL=http://openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website...
trangvang.com.vn IFRAME Injection vulnerability
Vulnerable URL: http://www.trangvang.com.vn/site.php?url=www.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 22:34 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 10705612 VIP...
5ye.ca IFRAME Injection vulnerability
Vulnerable URL: http://5ye.ca/go2.php?url=http://www.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 10:56 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculate...
therevolution962.com IFRAME Injection vulnerability
Vulnerable URL: http://www.therevolution962.com/goout.php?to=http://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 3120509 VIP website status:| N...
CVE-2016-6209
A user supplied GET parameter is used to create the value used as the src value of an iframe displayed on all pages. It allows for CSRF and javascript insertion techniques among others. An attacker could forge a malicious URL that could include javascript execution in the main browser frame...
epressnews.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-166212 Description| Value ---|--- Affected Website:| epressnews.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
todaysart.nl IFRAME Injection vulnerability
Vulnerable URL: http://www.todaysart.nl/2006/linkout.php?l=https://www.openbugbounty.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 7856939 VIP website status:| N...
The vulnerability of Thunderbird software allows a malicious attacker to compromise the confidentiality and integrity of protected information.
The vulnerability exists in Mozilla Firefox and Thunderbird due to the incorrect implementation of the sandbox attribute for the IFRAME element. Exploiting this vulnerability allows malicious actors to circumvent content restrictions from a single same-origin source, by using a specially crafted...
The vulnerability of the Firefox browser allows a malicious attacker to compromise the confidentiality and integrity of protected information.
The vulnerability exists in Mozilla Firefox due to the incorrect implementation of the sandbox attribute for the IFRAME element. Exploiting this vulnerability allows malicious actors, operating remotely, to bypass content restrictions from a single same-origin source, by using a specially crafted...
The vulnerability of the Firefox browser, which allows a malicious actor to bypass domain restriction rules
The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of class functions. Exploiting this vulnerability allows malicious actors to circumvent Domain Restrictions Policy SOP rules and gain access to confidential information through the use of IFrame elements...