116 matches found
Authentication Bypass
firefox is vulnerable to authentication bypass. The vulnerability exists because preload cache bypasses subresource integrity when loading a script which allows an attacker to gain access to internal system and perform unwanted action...
Ubuntu: Security Advisory (USN-5536-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5536-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, bypass Subresource Integrity protections, obtain sensitive information,...
USN-5536-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, bypass Subresource Integrity protections, obtain sensitive information,...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-17325)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. versions prior to Mozilla Firefox 103 are vulnerable to a resource management error that stems from a cache preload error. When loading a script with subresource integrity, an attacker could exploit the vulnerability to...
CVE-2022-36315
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...
UBUNTU-CVE-2022-36315
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...
Mozilla Firefox < 103.0
The version of Firefox installed on the remote Windows host is prior to 103.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-28 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs...
Mozilla Firefox Security Advisory (MFSA2022-28) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2022-28. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
Mozilla Firefox 资源管理错误漏洞
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. versions prior to Mozilla Firefox 103 are vulnerable to a resource management error that stems from a cache preload error. When loading a script with subresource integrity, an attacker could exploit the vulnerability to...
nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode
A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service ReDoS. This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...
nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode
A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service ReDoS. This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...
nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode
A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service ReDoS. This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...
nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode
A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service ReDoS. This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...
GHSA-VX3P-948G-6VHQ Regular Expression Denial of Service (ReDoS)
npm ssri 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option...
ALPINE-CVE-2021-27290
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option...
DEBIAN-CVE-2021-27290
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option...
ssri 安全漏洞
nlf ssri is nlf an open source application. Provides an acronym for Standard Subresource Integrity, a Node.js utility for parsing, manipulating, serializing, generating and validating Subresource Integrity hashes. A security vulnerability exists in ssri 5.2.2-8.0.0 that stems from the use of...
CVE-2020-25209
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API...
webpack-subresource-integrity data forgery issue vulnerability
webpack-subresource-integrity is a personal developer's npm extension for website static file security. The library generates an encrypted hash code that can be used to verify that files fetched by the browser e.g. from a CDN are secure. A webpack plugin vulnerability exists in versions prior to...