17 matches found
EUVD-2024-27558
Malicious code in bioql PyPI...
MGASA-2024-0153 Updated firefox packages fix security vulnerabilities
CVE-2024-3852: GetBoundName in the JIT returned the wrong object CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection CVE-2024-2609: Permission prompt input delay could expire when not ...
SUSE-SU-2024:1437-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 115.10.1 Security fixes MFSA 2024-20 bsc1222535: - CVE-2024-3852: GetBoundName in the JIT returned the wrong object bmo1883542 - CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement...
Mozilla: Permission prompt input delay could expire when not in focus
The Mozilla Foundation Security Advisory describes this flaw as: The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites...
Debian dla-3790 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3790 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3790-1 [email protected]...
Mozilla: Permission prompt input delay could expire when not in focus
The Mozilla Foundation Security Advisory describes this flaw as: The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites...
Mozilla: Permission prompt input delay could expire when not in focus
The Mozilla Foundation Security Advisory describes this flaw as: The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites...
RHEL 8 : firefox (RHSA-2024:1911)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1911 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
SUSE-SU-2024:1319-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.10.0 ESR MSFA 2024-19 bsc1222535: - CVE-2024-3852: GetBoundName in the JIT returned the wrong object - CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement - CVE-2024-3857:...
DEBIAN-CVE-2024-2609
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox 124, Firefox ESR 115.10, and Thunderbird 115.10...
CVE-2024-2609
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox 124, Firefox ESR 115.10, and Thunderbird 115.10...
CVE-2024-2609
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox 124, Firefox ESR 115.10, and Thunderbird 115.10...
UBUNTU-CVE-2024-2609
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox 124, Firefox ESR 115.10, and Thunderbird 115.10...
SUSE CVE-2023-6206
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox 12...
CVE-2019-11697
If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on th...
CVE-2019-11697
If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on th...
[Full-disclosure] Assorted browser vulnerabilities
Hello, Will keep it brief. A couple of browser bugs, fresh from the oven, hand crafted with love: 1 Title : MSIE page update race condition CRITICAL Impact : cookie stealing / setting, page hijacking, memory corruption Demo : http://lcamtuf.coredump.cx/ierace/ ...aka the bait & switch...