Lucene search
+L

209 matches found

OSV
OSV
added 2021/09/09 12:0 a.m.4 views

UBUNTU-CVE-2021-38491

Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox 92...

6.5CVSS6.8AI score0.00852EPSS
Exploits0References4
Mozilla
Mozilla
added 2021/09/07 12:0 a.m.323 views

Security Vulnerabilities fixed in Firefox 92 — Mozilla

Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected. Mixed-content checks were unable to analyze opaque origins which led to some mixed content...

8.8CVSS7.8AI score0.01205EPSS
Exploits2References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/09/07 12:0 a.m.251 views

Mozilla Firefox < 92.0

The version of Firefox installed on the remote Windows host is prior to 92.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-38 advisory. - Mozilla developers Christian Holler and Lars T Hansen reported memory safety bugs present in Firefox 91. Some of these...

8.8CVSS7.8AI score0.01205EPSS
Exploits2References7
CNNVD
CNNVD
added 2021/09/07 12:0 a.m.6 views

Mozilla Firefox 权限许可和访问控制问题漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation. A privilege-granting and access-control issue vulnerability exists in Mozilla Firefox, which arises from Firefox failing to adequately check for mixed content and causing the content to be loaded. A remote attacker could...

6.5CVSS8AI score0.00852EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2021/06/29 4:38 p.m.13 views

libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode

A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system...

5.9CVSS7.1AI score0.03503EPSS
Exploits0References4
OSV
OSV
added 2021/05/14 8:15 p.m.2 views

DEBIAN-CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

5.9CVSS7AI score0.03503EPSS
Exploits0References1
OSV
OSV
added 2021/05/14 8:15 p.m.2 views

ALPINE-CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

5.9CVSS6.8AI score0.03503EPSS
Exploits0References1
OSV
OSV
added 2021/05/14 8:15 p.m.2 views

UBUNTU-CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

5.9CVSS6.7AI score0.03503EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2021/05/14 7:50 p.m.55 views

CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

5.9CVSS7.9AI score0.03503EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/02/03 10:45 a.m.4 views

Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been

The Mozilla Foundation Security Advisory describes this flaw as: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to...

6.5CVSS7.3AI score0.01556EPSS
Exploits0References5
CNVD
CNVD
added 2021/01/13 12:0 a.m.3 views

Unspecified Vulnerability in Mozilla Firefox (CNVD-2021-04657)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 84. When an HTTPS page is embedded in an HTTP paqe and a service worker is registered for the former, the service worker can interce...

6.5CVSS8.6AI score0.01556EPSS
Exploits0References1
Veracode
Veracode
added 2020/09/21 6:32 a.m.22 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service DoS. If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users...

5.3CVSS1.6AI score0.01873EPSS
Exploits0References5Affected Software3
OSV
OSV
added 2020/07/01 2:15 a.m.1 views

CVE-2020-4022

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability issue attachments with a mixed multipart...

6.1CVSS6.5AI score0.01135EPSS
Exploits0References1
NVD
NVD
added 2020/03/13 5:15 p.m.26 views

CVE-2020-10087

GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...

7.5CVSS7.4AI score0.01174EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/03/13 5:15 p.m.17 views

CVE-2020-10087

GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...

7.5CVSS7.1AI score0.01174EPSS
Exploits0References3
Prion
Prion
added 2020/03/13 5:15 p.m.17 views

Information disclosure

GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...

5CVSS7.4AI score0.01174EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/03/13 5:15 p.m.5 views

UBUNTU-CVE-2020-10087

GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...

7.5CVSS5.8AI score0.01174EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/03/13 4:34 p.m.27 views

CVE-2020-10087

GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...

7.4AI score0.01174EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2020/03/13 4:34 p.m.60 views

CVE-2020-10087

Removed by vendor...

7.5CVSS7.1AI score0.01174EPSS
Exploits0
ThreatPost
ThreatPost
added 2020/02/07 5:3 p.m.55 views

Google Chrome To Bar HTTP File Downloads

Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. HTTPS indicates that a website has an encrypted connection. When connecting to an HTTP website, browsers merely look up the IP address and...

7AI score
Exploits0References10
Rows per page
Query Builder