8 matches found
Amazon Linux 2 : thunderbird (ALAS-2019-1267)
When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did...
CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...
Design/Logic Flaw
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...
CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...
Mozilla Firefox ESR < 60.8
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-22 advisory. - A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in...
openSUSE 10 Security Update : epiphany (epiphany-5102)
The Mozilla XULRunner 1.8.1 engine was updated to security update version 1.8.1.12. This includes fixes for the following security issues : - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain text files - MFSA...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5002)
This update brings Mozilla Firefox to security update version 2.0.0.12 Following security problems were fixed : - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div overlay - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of...
Mishandling of locally-saved plain text files — Mozilla
Mozilla contributor oo.rio.oo demonstrated that once a file with Content-Disposition: attachment and improper Content-Type: plain/text is saved locally, the browser would no longer open local files with .txt extensions for viewing, but would rather prompt the user to save the file...