524 matches found
Spoofing
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...
CVE-2018-12399
CVE-2018-12399 affects Firefox prior to 63.0. When a new protocol handler is registered, the API accepts a title argument that can mislead the user about which domain is registering the handler, potentially causing the user to approve a protocol handler they otherwise wouldn’t. The vulnerability ...
CVE-2018-12399
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...
CVE-2018-12399
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...
CVE-2019-6453
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling Chrome is not exploitable...
Mozilla Firefox < 63 Multiple Vulnerabilities
Binary data 700410.prm...
CVE-2018-17707
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Epic Games Launcher versions prior to 8.2.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
Epic Games Launcher Protocol Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visual Studio with tools for Unreal Engine development installed. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
Mozilla Firefox < 63.0
The version of Firefox installed on the remote Windows host is prior to 63.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-26 advisory. - When manipulating user events in nested loops while opening a document through script, it is possible to trigger a...
CVE-2018-12399
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...
UBUNTU-CVE-2018-12399
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...
Security vulnerabilities fixed in Firefox 63 — Mozilla
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. Note: this issu...
CVE-2018-6043
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page...
UBUNTU-CVE-2018-6043
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page...
Input validation
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page...
CVE-2018-6043
CVE-2018-6043 affects Google Chrome (Chromium project) via the External Protocol Handler. The root cause is insufficient data validation in the handler, allowing a remote attacker to potentially execute arbitrary code on a user’s machine by presenting a crafted HTML page. Publicly documented impa...
CVE-2018-6043
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page...
CVE-2018-6043
Removed by vendor...
Ubisoft Uplay Desktop Client 63.0.5699.0 Remote Code Execution
Exploit Title: Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Date: 2018-09-01 Exploit Author: Che-Chun Kuo Vulnerability Type: URI Parsing Command Injection Vendor Homepage: https://www.ubisoft.com/en-us/ Software Link: https://uplay.ubi.com/ Version: 63.0.5699.0 Tested on:...
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Exploit
Exploit Title: Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Exploit Author: Che-Chun Kuo Vulnerability Type: URI Parsing Command Injection Vendor Homepage: https://www.ubisoft.com/en-us/ Software Link: https://uplay.ubi.com/ Version: 63.0.5699.0 Tested on: Windows, Microsoft...