CVE-2024-4769
CVE-2024-4769 : In Firefox and Thunderbird, Web Workers handling could reveal cross-origin information by distinguishing between responses with the content-type application/javascript vs non-script types. This could lead to information disclosure across origins. Affected products are Firefox befo...
Apache Superset users may incorrectly create resources using the import charts feature
A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0...
SUSE CVE-2022-22760
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91...
CVE-2022-22760
CVE-2022-22760: A cross-origin information disclosure in Firefox/Thunderbird arises when importing resources via Web Workers, where error messages could reveal whether a response is JavaScript (application/javascript) or not. Affected: Firefox < 97, Thunderbird < 91.6, and Firefox ESR
CVE-2022-22760
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91...
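Multiple remote vulnerabilities in MediaWiki versions prior to 1.16.3
Bugtraq ID: 47354 MediaWiki is a wiki engine released under the GPL license. MediaWiki contains multiple security vulnerabilities that allow malicious users to conduct cross-site scripting attacks and bypass certain security restrictions. - The application does not properly prevent some browsers, such as Internet Explorer 6, from guessing the content type based on the end of the query URL, which can be exploited to inject and execute HTML and run arbitrary script code in the target user's browser. - Input passed via CSS comments is not filtered by the wikitext parser before being displayed to the user, which can be exploited to inject and execute HTML and run arbitrary script code in the target user's browser. - The transwiki import feature does not properly restrict access to form submission, which can be exploited to perform unauthorized imports of remote resources....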