672 matches found

UbuntuCve
added 2024/07/09 3:15 p.m. | 10 views

CVE-2024-6605

Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox 128...

CVSS 8.8 | AI score 7.2 | EPSS 0.00355
Exploits: 0 | References: 4

Vulnrichment
added 2024/07/09 2:25 p.m. | 14 views

CVE-2024-6605 Firefox Android missed activation delay to prevent tapjacking

Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox 128...

AI score 8.1 | EPSS 0.00355
Exploits: 0 | References: 2

Debian CVE
added 2024/07/09 2:25 p.m. | 23 views

CVE-2024-6605

Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox 128...

CVSS 8.8 | AI score 7.3 | EPSS 0.00355
Exploits: 0

Cvelist
added 2024/07/09 2:25 p.m. | 22 views

CVE-2024-6605 Firefox Android missed activation delay to prevent tapjacking

Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox 128...

EPSS 0.00355
Exploits: 0 | References: 2

CVE
added 2024/07/09 2:25 p.m. | 301 views

CVE-2024-6605

CVE-2024-6605 affects Firefox for Android, where an immediate interaction with permission prompts can enable tapjacking. The description in sources states Firefox Android

CVSS 8.8 | AI score 6.3 | EPSS 0.00355
Exploits: 0 | References: 2 | Affected Software: 1

Mozilla
added 2024/07/09 12:00 a.m. | 43 views

Security Vulnerabilities fixed in Firefox 128 — Mozilla

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. Clipboard code...

CVSS 8.8 | AI score 8.4 | EPSS 0.00656
Exploits: 1 | References: 18 | Affected Software: 1

CNNVD
added 2024/07/09 12:00 a.m. | 7 views

Google Android security vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates in the onCreate method of multiple files, which can be exploited to trick a user into granting health privileges via tapjacking. A...

CVSS 7.8 | AI score 7.2 | EPSS 0.00103
Exploits: 0 | References: 4

Positive Technologies
added 2024/07/09 12:00 a.m. | 6 views

PT-2024-23969 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a possible way to trick the user into granting health permissions due to tapjacking in the onCreate method of multiple files. This...

CVSS 7.8 | AI score 6.8 | EPSS 0.00103
Exploits: 0 | References: 6

Tenable Nessus
added 2024/07/09 12:00 a.m. | 27 views

Mozilla Firefox < 128.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 128.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-29 advisory. - When almost out-of-memory an elliptic curve key which was never allocated could have been freed again...

CVSS 9.8 | AI score 7.5 | EPSS 0.00977
Exploits: 1 | References: 18

CVE
added 2024/06/27 5:39 p.m. | 59 views

CVE-2023-42011

CVE-2023-42011 affects IBM Sterling B2B Integrator Standard Edition versions 6.1 and 6.2. The vulnerability arises because frame objects or UI layers can belong to another application or domain, potentially leading to user confusion about the active interface (tapjacking-like framing issue). The ...

CVSS 5.4 | AI score 4.6 | EPSS 0.00224
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/06/27 5:39 p.m. | 21 views

CVE-2023-42011 IBM Sterling B2B Integrator Standard Edition tapjacking

IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. IBM X-Force ID: 265508...

CVSS 4.3 | EPSS 0.00224
Exploits: 0 | References: 2

Vulnrichment
added 2024/06/27 5:39 p.m. | 15 views

CVE-2023-42011 IBM Sterling B2B Integrator Standard Edition tapjacking

IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. IBM X-Force ID: 265508...

CVSS 4.3 | AI score 6.4 | EPSS 0.00224
Exploits: 0 | References: 2

OSV
added 2024/06/01 12:00 a.m. | 21 views

ASB-A-313425281

In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 7.8 | EPSS 0.00103
Exploits: 0 | References: 2

OSV
added 2024/06/01 12:00 a.m. | 19 views

ASB-A-302431573

In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed...

CVSS 7.8 | AI score 7.3 | EPSS 0.00103
Exploits: 0 | References: 2

NVD
added 2023/08/29 4:15 p.m. | 18 views

CVE-2023-0654

Due to a misconfiguration, the WARP Mobile Client 6.29 for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on...

CVSS 3.9 | AI score 4 | EPSS 0.00197
Exploits: 0 | References: 2

OSV
added 2023/08/29 4:15 p.m. | 4 views

CVE-2023-0654

Due to a misconfiguration, the WARP Mobile Client 6.29 for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on...

CVSS 3.7 | AI score 5.8 | EPSS 0.00197
Exploits: 0 | References: 2

Prion
added 2023/08/29 4:15 p.m. | 17 views

Information disclosure

Due to a misconfiguration, the WARP Mobile Client 6.29 for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on...

CVSS 3.6 | AI score 4.1 | EPSS 0.00197
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/08/29 3:05 p.m. | 18 views

CVE-2023-0654 Spoofing User's Activity Loads in WARP Mobile Client (Android)

Due to a misconfiguration, the WARP Mobile Client 6.29 for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on...

CVSS 3.9 | AI score 6.7 | EPSS 0.00197
Exploits: 0 | References: 2

CVE
added 2023/08/29 3:05 p.m. | 51 views

CVE-2023-0654

CVE-2023-0654 affects the WARP Mobile Client for Android, prior to version 6.29. The vulnerability results from a misconfiguration that allows tapjacking, enabling a malicious app to deceive users into thinking the attacker’s UI is the WARP client (spoofing user activity loads). Evidence across m...

CVSS 3.9 | AI score 3.9 | EPSS 0.00197
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/08/29 3:05 p.m. | 20 views

CVE-2023-0654 Spoofing User's Activity Loads in WARP Mobile Client (Android)

Due to a misconfiguration, the WARP Mobile Client 6.29 for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on...

CVSS 3.9 | AI score 4.4 | EPSS 0.00197
Exploits: 0 | References: 2