6897 matches found
Mozilla Firefox < 66.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 66.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-07 advisory. - A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some...
Mozilla Firefox < 66.0
The version of Firefox installed on the remote Windows host is prior to 66.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-07 advisory. - A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions,...
Critical: thunderbird
Issue Overview: A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.4,...
Mozilla Firefox, Firefox ESR and Thunderbird Information Disclosure Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox web browser.Mozilla Thunderbird is email client software that supports IMAP, POP mail protocols, and the HTML mail format. A security vulnerability...
CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
DEBIAN-CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
DEBIAN-CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
Cross site scripting
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
Cross site scripting
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
UBUNTU-CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-18494
CVE-2018-18494 is a same-origin policy violation in Thunderbird/Firefox components caused by using the location property with performance.getEntries to steal cross-origin URL entries. Affected: Thunderbird < 60.4, Firefox ESR < 60.4, Firefox
CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-18499
CVE-2018-18499 is a same-origin policy vulnerability in Mozilla Firefox and Thunderbird where a page using a meta http-equiv="refresh" redirects to another site and allows theft of cross-origin URL entries via performance.getEntries(). Affected: Firefox < 62, Firefox ESR < 60.2, Thunderbird
openSUSE Security Update : MozillaThunderbird (openSUSE-2019-251)
This update for MozillaThunderbird to version 60.5.1 fixes the following issues : Security vulnerabilities addressed MSFA 2019-03 MSFA 2018-31 MFSA 2019-06 bsc1122983 bsc1119105 bsc1125330 : - CVE-2018-18356: Fixed a Use-after-free in Skia. - CVE-2019-5785: Fixed an Integer overflow in Skia. -...