6897 matches found
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird, related to deficiencies in domain restriction mechanisms (Same Origin Policy), allows attackers to redirect users to malicious websites.
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird is related to deficiencies in the Domain Same Origin Policy mechanism. Exploiting this vulnerability can allow a malicious actor to redirect users to malicious websites or expose protected information...
USN-3918-4 firefox regressions
USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in ...
SUSE-SU-2018:4236-2 Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 bsc1119105 - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a...
Coda: Lack of Origin check leads to Cross-Site Websocket Hijacking (CSWSH)
Summary: @fisher discovered a CSRF-related vulnerability in Coda docs by which an attacker could craft a convincing page that would make modifications to a specific document without the victim knowing. This is due to the inherent nature of Websockets not being secure by default. Although a...
CVE-2019-9696
Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentiall...
EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1179)
According to the version of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting ...
Microsoft Edge and Internet Explorer Same Origin Policy Bypass
A vulnerability exists in Microsoft Edge and Internet Explorer web browsers that could allow security feature bypass. The vulnerability could allow an attacker to bypass the Same Origin Policy. Successful exploitation of this vulnerability could allow the disclosure of sensitive information...
Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly
Exclusive — A security researcher today publicly disclosed details and proof-of-concept exploits for two 'unpatched' zero-day vulnerabilities in Microsoft's web browsers after the company allegedly failed to respond to his responsible private disclosure. Both unpatched vulnerabilities—one of whic...
Mozilla Firefox < 66.0 Multiple Vulnerabilities
openSUSE Security Update : Mozilla Firefox (openSUSE-2019-1004)
This update to Mozilla Firefox 60.4.0 ESR fixes security issues and bugs. Security issues fixed as part of the MFSA 2018-30 advisory boo1119105 : - CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Use-after-free with select element -...
openSUSE Security Update : Chromium (openSUSE-2019-559)
This update for Chromium to version 68.0.3440.75 fixes multiple issues. Security issues fixed boo1102530 : - CVE-2018-6153: Stack-based buffer overflow in Skia - CVE-2018-6154: Heap buffer overflow in WebGL - CVE-2018-6155: Use after free in WebRTC - CVE-2018-6156: Heap buffer overflow in WebRTC ...
Mozilla Firefox Same Origin Policy Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 66. An attacker can exploit the vulnerability to bypass the same-origin policy and read cross-origin images...
Mozilla Firefox Man-in-the-Middle Attack Vulnerability (CNVD-2019-08537)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 66, which stems from the program failing to properly perform Upgrade-Insecure-Requests on same-origin navigation, and can be exploite...
[ASA-201903-11] firefox: multiple issues
Arch Linux Security Advisory ASA-201903-11. Severity: Critical. Date: 2019-03-22. CVE-ID: CVE-2019-9788 CVE-2019-9789 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9797 CVE-2019-9799 CVE-2019-9802 CVE-2019-98...
CVE-2019-9803
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some...
UBUNTU-CVE-2019-9803
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some...
UBUNTU-CVE-2019-9797
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66...
CVE-2019-9797
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66...
Security vulnerabilities fixed in Firefox 66 — Mozilla
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. The type inference system allows the compilation of functions that can cause typ...