12 matches found
JLSEC-2026-102 Interactive `run` permission prompt spoofing via improper ANSI neutralization
Summary Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. Details The main entry point comes down to the ability to override what the API control says 40process.js...
EUVD-2024-0957
Malicious code in bioql PyPI...
SUSE CVE-2024-27936
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request...
CVE-2023-28446 Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization
Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. This wor...
CVE-2023-22499 Interactive permission prompt spoofing in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...
Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...
CVE-2020-6564
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page...
DEBIAN-CVE-2020-6564
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page...
Code injection
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission...
CVE-2016-2829
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission...
CVE-2016-2829
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission...
CVE-2014-3170
CVE-2014-3170 affects Google Chrome/Chromium prior to version 37.0.2062.94, where extensions/common/url_pattern.cc fails to prevent a '\0' character in a host name. This allows an attacker to spoof the extension permission dialog by truncation after the null character. Debian and openSUSE advisor...