Lucene search
K

100 matches found

RedHat Linux
RedHat Linux
added 2024/03/25 7:30 p.m.4 views

Mozilla: Privileged JavaScript Execution via Event Handlers

The Mozilla Foundation Security Advisory describes this flaw as: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process...

8.4CVSS7.6AI score0.047EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/03/25 6:54 p.m.5 views

Mozilla: Privileged JavaScript Execution via Event Handlers

The Mozilla Foundation Security Advisory describes this flaw as: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process...

8.4CVSS7.6AI score0.047EPSS
Exploits0References5
Veracode
Veracode
added 2024/03/24 12:13 p.m.27 views

Privilege Escalation

Firefox is vulnerable to a Privilege Escalation. The vulnerability is due to the unauthorized injection of an event handler into a privileged object, leading to arbitrary JavaScript execution in the parent process...

8.4CVSS6.8AI score0.047EPSS
Exploits0References6Affected Software3
RedhatCVE
RedhatCVE
added 2024/03/22 2:13 p.m.84 views

CVE-2024-29944

The Mozilla Foundation Security Advisory describes this flaw as: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process...

8.8CVSS7.1AI score0.047EPSS
Exploits0References4
OSV
OSV
added 2024/03/22 1:15 p.m.2 views

DEBIAN-CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...

8.4CVSS8.1AI score0.047EPSS
Exploits0References1
NVD
NVD
added 2024/03/22 1:15 p.m.21 views

CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...

8.4CVSS6.7AI score0.047EPSS
Exploits0References5
OSV
OSV
added 2024/03/22 12:0 a.m.6 views

UBUNTU-CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...

8.4CVSS7.4AI score0.047EPSS
Exploits0References6
OSV
OSV
added 2023/03/22 12:7 a.m.7 views

USN-5967-1 node-object-path vulnerabilities

It was discovered that the set method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent process. An attacker could use this issue to cause object-path to crash. CVE-2020-15256, CVE-2021-23434, CVE-2021-3805...

9.8CVSS7.1AI score0.0203EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:47 a.m.3 views

SUSE CVE-2012-2123

The capbprmsetcreds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities aka fcaps for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted applicatio...

7.2CVSS6.2AI score0.00418EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.4 views

SUSE CVE-2020-12419

When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR 68.10, Firefox 78, and...

8.8CVSS9AI score0.02322EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2022/12/22 12:0 a.m.8 views

CVE-2022-29913

The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird 91.9...

6.8AI score0.00428EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2022/12/22 12:0 a.m.57 views

CVE-2022-1529

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR 91.9.1...

8.8CVSS8.8AI score0.17103EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2022/05/27 7:13 p.m.2 views

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

8.8CVSS7.4AI score0.17103EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/05/27 7:2 p.m.4 views

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

8.8CVSS7.4AI score0.17103EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/05/27 6:57 p.m.6 views

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

8.8CVSS7.4AI score0.17103EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/05/27 6:40 p.m.4 views

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

8.8CVSS7.4AI score0.17103EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/05/27 2:53 a.m.4 views

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

8.8CVSS7.4AI score0.17103EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/05/26 11:26 p.m.3 views

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

8.8CVSS7.4AI score0.17103EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/05/24 5:57 p.m.3 views

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

8.8CVSS7.4AI score0.17103EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/05/24 4:41 p.m.5 views

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

8.8CVSS7.4AI score0.17103EPSS
Exploits0References5
Rows per page
Query Builder