Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy...

Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy...

Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy...

SUSE CVE-2023-4045

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

SUSE CVE-2023-38572

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy...

Mozilla Firefox and Firefox ESR Security Bypass Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox ESR is Firefox Enterprise Edition. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by an attacker to bypass cross-domain restrictions and access...

SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2023:3161-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3161-1 advisory. This update for MozillaFirefox fixes the following security issues: Firefox was updated to Extended Support Release 115.1.0 ESR...

CVE-2023-4045

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy...

USN-6267-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-4047, CVE-2023-4048,...

Fedora 38 : firefox (2023-b4b8e4f1b9)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b4b8e4f1b9 advisory. - Updated to latest upstream 116.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

Mozilla Thunderbird < 115.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-33 advisory. - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs...

Mozilla Thunderbird < 102.14

The version of Thunderbird installed on the remote Windows host is prior to 102.14. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-32 advisory. - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and...

CVE-2023-4045

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

Cross site scripting

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

CVE-2023-4045

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

CVE-2023-4045

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

kernel: Spectre v2 SMT mitigations problem

It was found that the Linux Kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The kernel failed to protect applications that attempted to protect against Spectre v2 leaving them open to attack from other processes...

Mozilla Firefox 访问控制错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox ESR is Firefox Enterprise Edition. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by an attacker to bypass cross-domain restrictions and access...

Security Vulnerabilities fixed in Firefox ESR 102.14 — Mozilla

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect...

Mozilla Firefox ESR < 102.14

The version of Firefox ESR installed on the remote Windows host is prior to 102.14. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-30 advisory. - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and...