Lucene search
K

178 matches found

CNVD
CNVD
added 2023/01/06 12:0 a.m.38 views

Mozilla Firefox Input Validation Error Vulnerability (CNVD-2023-03059)

Mozilla Firefox, an open source web browser from the Mozilla Foundation, is vulnerable to an input validation error that results from a request initiated in reader mode that does not properly omit cookies with the SameSite attribute. An attacker could use this vulnerability to elevate privileges ...

6.1CVSS4.8AI score0.00644EPSS
Exploits1References1
NVD
NVD
added 2022/12/22 8:15 p.m.20 views

CVE-2022-29912

Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

6.1CVSS0.00644EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2022/12/22 12:0 a.m.39 views

CVE-2022-29912

Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

6.1CVSS7.6AI score0.00644EPSS
Exploits1
Hacker One
Hacker One
added 2022/09/21 4:53 p.m.22 views

Yelp: If the website does not impose additional defense against CSRF attacks, failing to use the 'Lax' or 'Strict' values could increase the risk of exposur

Summary: Cookies are typically sent to third parties in cross-origin requests. This can be abused to do CSRF attacks. Recently a new cookie attribute named SameSite was proposed to disable third-party usage for some cookies, to prevent CSRF attacks. Same-site cookies allow servers to mitigate the...

0.6AI score
Exploits0
CNVD
CNVD
added 2022/07/29 12:0 a.m.31 views

IBM Security Verify Information Queue Information Disclosure Vulnerability (CNVD-2022-54888)

IBM Security Verify Information Queue using the acronym "ISIQ" is a cross-product integrator that uses Kafka technology and a publish/subscribe model to integrate data between IBM Security products. Security Verify Information Queue is vulnerable to information disclosure in version 10.0.2. An...

7.5CVSS2.5AI score0.00659EPSS
Exploits0References1
Prion
Prion
added 2022/07/25 6:23 p.m.14 views

Information disclosure

IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811...

5CVSS7AI score0.00659EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/07/25 5:20 p.m.80 views

CVE-2022-35284

IBM Security Verify Information Queue (ISIQ) 10.0.2 is vulnerable to information disclosure due to a missing/insecure SameSite attribute on a sensitive cookie. The issue affects ISIQ 10.0.2 and is addressed by upgrading to ISIQ 10.0.3 or newer. The lack of SameSite disables CSRF protections for t...

7.5CVSS7.1AI score0.00659EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/07/25 12:0 a.m.4 views

PT-2022-22686 · Ibm · Ibm Security Verify Information Queue

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Information Queue version 10.0.2 Description: The issue could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. Recommendations: For IBM Security Verify Information Queu...

7.5CVSS5.3AI score0.00659EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/22 6:6 p.m.21 views

Security Bulletin: Session cookie used by IBM Security Verify Information Queue is not properly secured (CVE-2022-35284)

Summary IBM Security Verify Information Queue ISIQ v10.0.2 does not set the SameSite attribute in the ISIQ session cookie. As a result, any CSRF protections offered by the attribute are disabled. ISIQ v10.0.3 is now correctly setting the SameSite attribute. CVE-2022-35284 Vulnerability Details...

7.5CVSS6AI score0.00659EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/07/07 12:0 a.m.41 views

Oracle Linux 9 : firefox (ELSA-2022-4590)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-4590 advisory. 91.9.0-1.0.1 - Replaced upstream package with oracle-indexhtml Orabug: 33802044 - Add firefox-oracle-default-prefs.js and remove the corresponding Red...

9.8CVSS7.8AI score0.01005EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2022/05/24 12:0 a.m.34 views

Debian DLA-3020-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3020 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 9 stretch, these...

9.8CVSS7.8AI score0.01005EPSS
Exploits3References19
Tenable Nessus
Tenable Nessus
added 2022/05/20 12:0 a.m.33 views

Debian DSA-5141-1 : thunderbird - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5141 advisory. - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox...

9.8CVSS7.9AI score0.01005EPSS
Exploits3References20
Tenable Nessus
Tenable Nessus
added 2022/05/20 12:0 a.m.35 views

SUSE SLED15: MozillaFirefox / MozillaFirefox-branding-upstream / etc (SUSE-SU-2022:1748-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1748-1 advisory. Firefox Extended Support Release 91.9.0 ESR MFSA 2022-17bsc1198970: - CVE-2022-29914: Fullscreen...

9.8CVSS6.9AI score0.01005EPSS
Exploits3References14
Tenable Nessus
Tenable Nessus
added 2022/05/19 12:0 a.m.64 views

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:1731-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1731-1 advisory. - Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin,...

9.8CVSS8.3AI score0.01005EPSS
Exploits3References14
Redos
Redos
added 2022/05/18 12:0 a.m.58 views

ROS-20220518-01

A vulnerability in the Mozilla Firefox browser is related to improper permission management in the application. Exploitation of the vulnerability could allow an attacker acting remotely to create a web page that Bypasses the existing browser hint and inherits top-level permissions improperly The...

9.8CVSS8.8AI score0.01005EPSS
Exploits3
Redos
Redos
added 2022/05/18 12:0 a.m.53 views

ROS-20220518-02

A vulnerability in Mozilla Thunderbird email client is related to incorrect processing of user input data when processing signed and encrypted attached messages. user input when processing signed and encrypted attached messages. Exploitation exploitation of the vulnerability could allow a remote...

9.8CVSS8.4AI score0.01005EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2022/05/12 12:0 a.m.31 views

AlmaLinux 8 : thunderbird (ALSA-2022:1730)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:1730 advisory. - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and...

9.8CVSS7.9AI score0.01005EPSS
Exploits3References9
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.35 views

Mozilla Thunderbird < 91.9

The version of Thunderbird installed on the remote Windows host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-18 advisory. - Mozilla developers Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in...

9.8CVSS7.7AI score0.01005EPSS
Exploits3References9
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.31 views

Debian DSA-5129-1 : firefox-esr - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5129 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information...

9.8CVSS8.1AI score0.01005EPSS
Exploits3References16
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.37 views

Mozilla Thunderbird < 91.9

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-18 advisory. - Mozilla developers Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs...

9.8CVSS7.8AI score0.01005EPSS
Exploits3References9
Rows per page
Query Builder