42 matches found
CVE-2026-11221
An insufficient validation of untrusted input flaw was found in the PointerLock component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=492211919...
Chromium: CVE-2026-11221 Insufficient validation of untrusted input in PointerLock
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
EUVD-2026-34682
Insufficient validation of untrusted input in PointerLock in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11221
Insufficient validation of untrusted input in PointerLock in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-11221
Insufficient validation of untrusted input in PointerLock in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11221
Insufficient validation of untrusted input in PointerLock in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11221
Insufficient validation of untrusted input in PointerLock in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11221
Insufficient validation of untrusted input in PointerLock in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11221
Affected software: Google Chrome. Vulnerable component: PointerLock (Chromium). Root cause: insufficient validation of untrusted input. Impact: remote attacker with renderer access can spoof UI via crafted HTML page (Low severity). Affected versions: Chrome prior to 149.0.7827.53. Exploitation co...
CVE-2026-11221
Insufficient validation of untrusted input in PointerLock in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
PT-2026-46747
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in PointerLock allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page...
GHSA-R5P7-GP4J-QHRX Electron: Incorrect origin passed to permission request handler for iframe requests
Impact When an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to session.setPermissionRequestHandler was the top-level page's origin rather than the requesting iframe's origin. Apps that grant permissions based on the origin parameter ...
EUVD-2016-3904
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-6608
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This...
firefox -- multiple vulnerabilities
[email protected] reports: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack...
Mozilla Thunderbird < 128.0
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-32 advisory. - When almost out-of-memory an elliptic curve key which was never allocated could have been freed again...
CVE-2024-6607
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a select element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox 128...
UBUNTU-CVE-2024-6608
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2024-6608
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox 128 and Thunderbird 128...
Mozilla Firefox Security Advisory (MFSA2024-29) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2024-29. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...