5 matches found
CVE-2020-15174
In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the will-navigate event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in...
Vulnerability of Firefox web browsers, Firefox ESR, and Thunderbird email client, related to a navigation event error that does not comply with W3C specifications, allowing attackers to access confidential data
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird is related to a navigation event error that does not comply with W3C specifications. Exploiting this vulnerability can allow an attacker to gain access to confidential data remotely...
Mozilla Firefox Security Advisories (MFSA2019-25, MFSA2019-27) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
CVE-2014-1884
CVE-2014-1884 affects Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7/8. The root cause is improper restriction of navigation events, which lets remote attackers bypass device-resource restrictions when content is accessed (1) inside an iframe or (2) via t...
CVE-2012-3976
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page...