159 matches found
CVE-2025-55033 Drag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectly
Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142...
CVE-2025-55033 Drag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectly
Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142...
PT-2025-33877 · Mozilla · Focus For Ios
Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 14.2 Description: Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in cross-site scripting XSS attacks. Recommendations: Update Focus f...
Security Vulnerabilities fixed in Focus for iOS 142 — Mozilla
Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS...
Linux Distros Unpatched Vulnerability : CVE-2025-8029
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1,...
firefox: thunderbird: javascript: URLs executed on object and embed tags
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...
firefox: thunderbird: javascript: URLs executed on object and embed tags
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...
firefox: thunderbird: javascript: URLs executed on object and embed tags
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...
DEBIAN-CVE-2025-8029
Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
UBUNTU-CVE-2025-8029
Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
argocd: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS)
A flaw was found in Argo CD, where improper filtering of repository URLs in the UI allows JavaScript injection. A crafted javascript: link can lead to cross-site scripting when viewed by another user. This can result in unauthorized API actions via the victim's session...
CVE-2024-8399
Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS 130...
CVE-2022-25978
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting XSS due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme...
CVE-2022-21158
A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link with javascript: scheme inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext...
CVE-2019-10374
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI...
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...