6 matches found
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.3.1 ESR MFSA 2024-51 bsc1231413 CVE-2024-9680: Use-after-free in Animation timeline bmo1923344 Also includes the following CVEs from MFSA 2024-47 bsc1230979 CVE-2024-9392: Compromised content...
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.3.0 ESR MFSA-2024-47, bsc1230979: CVE-2024-8900: Clipboard write permission bypass CVE-2024-9392: Compromised content process can bypass site isolation CVE-2024-9393: Cross-origin access to P...
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...