Lucene search
+L

28 matches found

susecve
susecve
added 2024/08/07 2:55 a.m.3 views

SUSE CVE-2024-7524

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and...

8.8CVSS6.1AI score0.00489EPSS
Exploits0References6
osv
osv
added 2024/08/06 1:15 p.m.12 views

CVE-2024-7524

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and...

6.1CVSS5.6AI score
Exploits0References4
osv
osv
added 2024/08/06 1:15 p.m.1 views

DEBIAN-CVE-2024-7524

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and...

6.1CVSS7.3AI score0.00489EPSS
Exploits0References1
osv
osv
added 2024/08/06 1:15 p.m.7 views

UBUNTU-CVE-2024-7524

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and...

6.1CVSS5.6AI score0.00489EPSS
Exploits0References9
susecve
susecve
added 2023/02/15 4:31 a.m.4 views

SUSE CVE-2018-5175

A mechanism to bypass Content Security Policy CSP protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, a...

6.1CVSS8.5AI score0.01454EPSS
Exploits0References11
osv
osv
added 2018/06/11 9:29 p.m.3 views

CVE-2018-5175

A mechanism to bypass Content Security Policy CSP protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, a...

6.1CVSS7.3AI score0.01454EPSS
Exploits0References5
cve
cve
added 2018/06/11 9:0 p.m.138 views

CVE-2018-5175

CVE-2018-5175 describes a universal CSP bypass on sites using strict-dynamic. An HTML injection flaw could reference Firefox DevTools’ require.js to bypass CSP and execute injected scripts. Affected product: Mozilla Firefox

6.1CVSS6.3AI score0.01454EPSS
Exploits0References5Affected Software1
osv
osv
added 2018/05/11 12:0 a.m.4 views

UBUNTU-CVE-2018-5175

A mechanism to bypass Content Security Policy CSP protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, a...

6.1CVSS6.9AI score0.01454EPSS
Exploits0References4
Rows per page
Query Builder