68 matches found
CVE-2022-29915
The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox 100...
CVE-2022-36316
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox 103...
CVE-2022-29915
The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox 100...
CVE-2022-36316
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox 103...
CVE-2022-36316
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox 103...
Open Redirect
firefox is vulnerable to open redirect attacks. The vulnerability exists when using the Performance API which allows an attacker to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5536-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5536-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
CVE-2022-36316
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox 103...
UBUNTU-CVE-2022-36316
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox 103...
Mozilla Firefox Security Advisory (MFSA2022-28) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2022-28. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
Mozilla Firefox < 103.0
The version of Firefox installed on the remote Windows host is prior to 103.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-28 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs...
Mozilla Firefox 输入验证错误漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox versions 100.0 through 102.0.1, which stems from the way the Performance API handles cross-site redirects, and can be exploited by a remote attacker to observe differences...
Security Vulnerabilities fixed in Firefox 103 — Mozilla
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.Th...
Mozilla Firefox Security Advisory (MFSA2022-16) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
CVE-2021-21135
Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2022-29915
The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox 100...
Security Vulnerabilities fixed in Firefox 100 — Mozilla
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existin...
Mozilla Firefox < 100.0
The version of Firefox installed on the remote Windows host is prior to 100.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-16 advisory. - Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in...
Debian DSA-4886-1 : chromium - security update
Several vulnerabilites have been discovered in the chromium web browser. - CVE-2021-21159 Khalil Zhani discovered a buffer overflow issue in the tab implementation. - CVE-2021-21160 Marcin Noga discovered a buffer overflow issue in WebAudio. - CVE-2021-21161 Khalil Zhani discovered a buffer...
Google Chrome Performance API Security Bypass Vulnerability (CNVD-2021-14185)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in the Google Chrome Performance API. An attacker can exploit this vulnerability to bypass security restrictions...