524 matches found
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
CVE-2024-10460
The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
CVE-2024-10460
The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
DEBIAN-CVE-2024-10460
The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
CVE-2024-10460
The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
CVE-2024-10460
The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
Mozilla Firefox ESR < 128.4
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-56 advisory. - Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs...
Security Vulnerabilities fixed in Thunderbird 128.4 — Mozilla
A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...
Security Vulnerabilities fixed in Firefox 132 — Mozilla
A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...
Mozilla Thunderbird < 128.4
The version of Thunderbird installed on the remote Windows host is prior to 128.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-58 advisory. - Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed...
firefox: thunderbird: External protocol handlers could be enumerated via popups
The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...
OESA-2024-2241 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusio...
CVE-2024-9398
The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...
DEBIAN-CVE-2024-9398
By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...
CVE-2024-9398
By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...
CVE-2024-9398
By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...
CVE-2024-9398
By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...
Security Vulnerabilities fixed in Firefox 131 — Mozilla
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible.This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffecte...
Mozilla Thunderbird < 115.12
The version of Thunderbird installed on the remote Windows host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-28 advisory. - By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if...
CVE-2024-5690
Vulnerability CVE-2024-5690 affects Mozilla Firefox and Thunderbird components via a timing-attack on external protocol handler detection. Affected products explicitly include Firefox < 127, Firefox ESR < 115.12, and Thunderbird