Lucene search
+L

175 matches found

RedHat Linux
RedHat Linux
added 2025/05/05 1:37 a.m.5 views

firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...

9.1CVSS7.4AI score0.00376EPSS
Exploits0References10
AlpineLinux
AlpineLinux
added 2025/04/29 2:15 p.m.5 views

CVE-2025-4083

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox 138, Firefox ESR...

9.1CVSS6.8AI score0.00376EPSS
Exploits0References7
OSV
OSV
added 2025/04/29 2:15 p.m.1 views

DEBIAN-CVE-2025-4083

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox...

9.1CVSS8.4AI score0.00376EPSS
Exploits0References1
OSV
OSV
added 2025/04/29 2:15 p.m.3 views

UBUNTU-CVE-2025-4083

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox...

9.1CVSS7.3AI score0.00376EPSS
Exploits0References12
Snyk
Snyk
added 2025/03/19 6:30 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to allowing the javascript: URL scheme for links created based on workspace content. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into...

8.5CVSS5.3AI score0.00274EPSS
Exploits0References2
OSV
OSV
added 2025/03/19 4:15 p.m.2 views

CVE-2025-30196

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...

6.5CVSS5.7AI score0.00274EPSS
Exploits0References1
OSV
OSV
added 2025/01/13 12:0 a.m.24 views

UBUNTU-CVE-2025-23108

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS 134...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/01/11 4:15 a.m.3 views

CVE-2025-23108

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS 134...

4.3CVSS6.6AI score0.00236EPSS
Exploits0References2
OSV
OSV
added 2025/01/11 4:15 a.m.9 views

CVE-2025-23108

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS 134...

4.3CVSS5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/11 3:36 a.m.6 views

CVE-2025-23108 Firefox Mobile iOS Full Address Bar Spoof Using Open in New Tab and Javascript URI

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134...

5.8AI score0.00236EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/01/11 3:36 a.m.10 views

CVE-2025-23108

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134...

4.3CVSS5.2AI score0.00236EPSS
Exploits0
CNNVD
CNNVD
added 2025/01/11 12:0 a.m.4 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions prior to Mozilla Firefox 134, which originates when a JavaScript link is opened in a new tab via a long press, which could lead to malicious scripts spoofing...

4.3CVSS6AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/11 12:0 a.m.3 views

PT-2025-4824 · Mozilla · Firefox

Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 134 Description: Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. Recommendations: For versions prior to 134,...

4.3CVSS6AI score0.00236EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.3 views

PT-2024-34662 · Cobalt · Cobalt

Name of the Vulnerable Software and Affected Versions: cobalt versions prior to 10.2.1 Description: A malicious cobalt instance could serve links with the javascript: protocol, resulting in Cross-site Scripting XSS when the user tries to download an item from a picker. This issue has been present...

6CVSS6.4AI score0.00471EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2024/10/14 6:7 p.m.5 views

jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled

A flaw was found in jsoup, a Java HTML parser built for HTML editing, cleaning, scraping, and Cross-site scripting XSS safety. An issue in jsoup may incorrectly sanitize HTML, including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the...

6.1CVSS6.9AI score0.01208EPSS
Exploits1References4
Snyk
Snyk
added 2024/10/07 3:58 p.m.2 views

Cross-site Scripting (XSS)

Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Cross-site Scripting XSS via the href attributes in hyperlinks due to improper sanitization of "javascript:" URLs. An attacker c...

5.4CVSS5.4AI score0.00324EPSS
Exploits1References2
CNVD
CNVD
added 2024/09/05 12:0 a.m.10 views

Mozilla Focus for iOS Spoofing Vulnerability (CNVD-2024-40517)

Mozilla Focus is a browser for iOS devices from the Mozilla Foundation. Mozilla Focus for iOS is vulnerable to a spoofing vulnerability caused by an error related to the use of Javascript links. An attacker can exploit this vulnerability to spoof URL addresses in the Focus navigation bar...

4.7CVSS6.3AI score0.00256EPSS
Exploits0References1
OSV
OSV
added 2024/09/03 8:15 p.m.3 views

CVE-2024-8399

Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS 130...

4.7CVSS5.8AI score0.00256EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/03 8:7 p.m.14 views

CVE-2024-8399

Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS 130...

6.4AI score0.00256EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/03 12:0 a.m.4 views

Mozilla Focus 安全漏洞

Mozilla Focus is a browser for iOS devices from the Mozilla Foundation. Mozilla Focus for iOS is vulnerable to a spoofing vulnerability caused by an error related to the use of Javascript links. An attacker can exploit this vulnerability to spoof URL addresses in the Focus navigation bar...

4.7CVSS6.5AI score0.00256EPSS
Exploits0References3
Rows per page
Query Builder