524 matches found
CVE-2023-6871
Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox 121...
CVE-2023-6871
Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox 121...
CVE-2023-6871
Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox 121...
CVE-2023-6871
Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox 121...
Security Vulnerabilities fixed in Firefox 121 — Mozilla
The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. Multiple NSS NIST curves were susceptible to a side-channel attack known as...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 121, which stems from Firefox not displaying a warning when a user tries to navigate to a new protocol handler...
Rocky Linux 8 : firefox (RLSA-2021:5013)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5013 advisory. - Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported...
OESA-2023-1674 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Mozilla...
Oracle Linux 8 : curl (ELSA-2020-1792)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1792 advisory. - double free due to subsequent call of realloc CVE-2019-5481 - fix heap buffer overflow in function tftpreceivepacket CVE-2019-5482 Tenable has...
New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks
Malicious actors are using a legitimate Rust-based injector called Freeze.rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It...
CVE-2023-26448
Open-Xchange AppSuite is affected by CVE-2023-26448 due to unsafe handling of customized login/logout locations defined as jslob, which were not validated for malicious protocol handlers. The underlying issue allows malicious script code to execute in the victim’s context, potentially enabling se...
Beyond File Search: A Novel Method
Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler By Mathanraj Thangaraju and Sijo Jacob · July 26, 2023 Threat Summary In the ever-evolving landscape of cyber threats, malware authors continuously explore new avenues to exploit unsuspecting users. The Windows...
CVE-2023-35174 Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a livebook:// link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is...
Livebook 操作系统命令注入漏洞
Livebook is a web application for writing interactive and collaborative code notebooks. Livebook suffers from an operating system command injection vulnerability that originates from allowing an attacker to execute arbitrary commands using Desktop's protocol handler. Affected products and version...
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
On Windows, it is possible to open a livebook:// link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from...
Ubiquiti EdgeRouter 命令注入漏洞
Ubiquiti EdgeRouter is a router from Ubiquiti USA. A security vulnerability exists in Ubiquiti EdgeRouter X version 2.0.9-hotfix.6, which stems from the presence of an unknown function in the component OSPF Handler, which leads to command injection via the parameter areaa...
Exploit for CVE-2022-44666
Microsoft Windows Contacts VCF/Contact/LDAP syslink control...
SUSE CVE-2010-0191
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."...
SUSE CVE-2010-3625
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."...
SUSE CVE-2016-1937
The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...