MAL-2026-4471 Malicious code in @zesyn/zeditor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c8e293ad2413e2e04b9ce3411d1650381143b104c40bbcb4a17c1140c9ef912 The package advertises itself as a browser rich-text editor, but on every new Zeditor... instantiation it waits 2 seconds and then POSTs end-user...

SUSE CVE-2014-8638

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery...

Mozilla Firefox Security Advisory (MFSA2015-03) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

The vulnerability of the Thunderbird email client, which allows a remote attacker to forge cross-site requests

A vulnerability exists in the Thunderbird email client’s navigator.sendBeacon function, related to the handling of HTTP status codes 30x. Exploiting this vulnerability allows a malicious actor to bypass CORS access control mechanisms and forge cross-domain requests by using a specially crafted we...

The vulnerability of the Firefox ESR browser allows a malicious actor to forge cross-site requests.

The vulnerability of Firefox ESR’s navigator.sendBeacon function, related to the processing of HTTP status codes 30x. Exploiting this vulnerability allows a malicious actor to bypass CORS access controls and forge cross-site requests by using a specially crafted website...

The vulnerability of the Firefox browser, which allows a remote attacker to forge cross-site requests

The vulnerability of the Firefox browser in the navigator.sendBeacon function, related to the processing of HTTP status codes 30x. Exploiting this vulnerability allows a malicious actor to bypass CORS access control mechanisms and forge cross-domain requests by using a specially crafted web page...

Mozilla Firefox Multiple Vulnerabilities-01 (Apr 2015) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

UBUNTU-CVE-2015-0807

The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and...

sendBeacon requests lack an Origin header — Mozilla

Security researcher Muneaki Nishimura reported that navigator.sendBeacon does not follow the cross-origin resource sharing CORS specification. This results in the request from sendBeacon lacking an origin header in violation of the W3C Beacon specification and not being treated as a CORS request...