Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...
Apple tvOS security vulnerability
Apple tvOS is an operating system for smart TVs from Apple. A security vulnerability exists in Apple tvOS that stems from the handling of maliciously crafted web content that may bypass the same-origin policy...
About the security content of Safari 16.4
This document describes the security content of Safari 16.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
CVE-2023-21035
In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User...
UBUNTU-CVE-2023-21035
In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User...
No authentication is required when accessing another different Gateway VServer
Two Gateway Vservers with the same FQDN and VIP are created on the same ADC but listed on different ports, 8443 and 9443. If a user logs into Citrix Gateway1 on port 8443 first and then opens a new browser tab to access Citrix Gateway2 on port 9443, users can see the published resources...
same-word.com Cross Site Scripting vulnerability OBB-3228480
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 111, which arises from a one-time permission granted to a local file extending to other local files loaded in the same tab...
GHSA-3G43-X7QR-96PH Possible CSRF token fixation
Impact: When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. Patches: The problem is fixed in versi...
Possible CSRF token fixation
Impact: When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. Patches: The problem is fixed in versi...
Cross site request forgery (csrf)
PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to...
Google Chrome Navigation component code issue vulnerability
Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a weak policy enforcement issue in the Navigation component. A remote attacker can exploit the vulnerability to bypass the...
Same-Origin Policy Bypass
Chromium is vulnerable to Same-Origin Policy Bypass. Insufficient policy enforcement in DevTools allows an attacker to bypass same origin policy and proxy settings via a crafted HTML page...
SUSE CVE-2023-1225
Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...