161 matches found
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...
CVE-2025-4083
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox 138, Firefox ESR...
DEBIAN-CVE-2025-4083
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox...
UBUNTU-CVE-2025-4083
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to allowing the javascript: URL scheme for links created based on workspace content. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into...
CVE-2025-30196
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...
UBUNTU-CVE-2025-23108
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS 134...
CVE-2025-23108
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS 134...
CVE-2025-23108
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS 134...
CVE-2025-23108 Firefox Mobile iOS Full Address Bar Spoof Using Open in New Tab and Javascript URI
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134...
CVE-2025-23108
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions prior to Mozilla Firefox 134, which originates when a JavaScript link is opened in a new tab via a long press, which could lead to malicious scripts spoofing...
PT-2025-4824 · Mozilla · Firefox
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 134 Description: Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. Recommendations: For versions prior to 134,...
PT-2024-34662 · Cobalt · Cobalt
Name of the Vulnerable Software and Affected Versions: cobalt versions prior to 10.2.1 Description: A malicious cobalt instance could serve links with the javascript: protocol, resulting in Cross-site Scripting XSS when the user tries to download an item from a picker. This issue has been present...