209 matches found
UBUNTU-CVE-2021-38491
Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox 92...
Security Vulnerabilities fixed in Firefox 92 — Mozilla
Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected. Mixed-content checks were unable to analyze opaque origins which led to some mixed content...
Mozilla Firefox < 92.0
The version of Firefox installed on the remote Windows host is prior to 92.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-38 advisory. - Mozilla developers Christian Holler and Lars T Hansen reported memory safety bugs present in Firefox 91. Some of these...
Mozilla Firefox 权限许可和访问控制问题漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation. A privilege-granting and access-control issue vulnerability exists in Mozilla Firefox, which arises from Firefox failing to adequately check for mixed content and causing the content to be loaded. A remote attacker could...
libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system...
DEBIAN-CVE-2021-3537
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...
ALPINE-CVE-2021-3537
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...
UBUNTU-CVE-2021-3537
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...
CVE-2021-3537
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...
Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been
The Mozilla Foundation Security Advisory describes this flaw as: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to...
Unspecified Vulnerability in Mozilla Firefox (CNVD-2021-04657)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 84. When an HTTPS page is embedded in an HTTP paqe and a service worker is registered for the former, the service worker can interce...
Denial Of Service (DoS)
firefox is vulnerable to denial of service DoS. If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users...
CVE-2020-4022
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability issue attachments with a mixed multipart...
CVE-2020-10087
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...
CVE-2020-10087
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...
Information disclosure
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...
UBUNTU-CVE-2020-10087
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...
CVE-2020-10087
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...
CVE-2020-10087
Removed by vendor...
Google Chrome To Bar HTTP File Downloads
Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. HTTPS indicates that a website has an encrypted connection. When connecting to an HTTP website, browsers merely look up the IP address and...