CVE-2025-48464

Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...

CVE-2025-48464 Exposure of Sensitive Information

Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...

CVE-2025-48464

CVE-2025-48464 describes a vulnerability in Sync that could allow an unauthenticated attacker to access a victim’s Sync account data, including account credentials and email protection information. The available documents identify the affected product as Sync and cite unauthorized access to sensi...

CVE-2025-48464 Exposure of Sensitive Information

Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...

PT-2025-41237

Name of the Vulnerable Software and Affected Versions Sync affected versions not specified Description Exploitation of the issue could allow an unauthenticated attacker to gain access to a victim’s Sync account data, including account credentials and email protection information. Recommendations ...

CVE-2019-9812

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...

CVE-2019-9812

CVE-2019-9812 describes a sandbox-escape in Mozilla Firefox/Firefox ESR: by loading accounts.firefox.com in a compromised sandboxed content process and auto-logging into a malicious Firefox Sync account, the adversary could cause sandbox-disabled preferences to be written to the local machine and...

Mozilla: Sandbox escape through Firefox Sync

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...

USN-4122-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy CSP protections, bypass same-origin restrictions, conduct cross-site...

CVE-2019-9812

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...

Unpassworded 'sync' Account

The account 'sync' has no password set. An attacker may use this to gain further privileges on this system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "sync"; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid11247; scriptversion"1.34";...