32 matches found
Cross-Site Request Forgery (CSRF)
typo3/cms-extensionmanager is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of HTTP methods for state-changing actions and the backend user interface being susceptible to malicious URLs under specific misconfigurations, which allows an attacker to retrieve...
firefox: thunderbird: Unhandled Exception in Add-on Signature Verification
The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...
Addressing the “CrossBarking” vulnerability discovered in collaboration with Guardio
October 30th, 2024. Hi Opera users! Over time, we have shared details about how we approach security vulnerabilities, and especially how we work with external security researchers to identify...
CVE-2024-40821
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct sandbox restrictions...
GHSA-F624-8HFQ-5FH3 TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attacker can retrieve additional information about installed system and third party extensions...
Information Disclosure
typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to Inline JavaScript settings within the RequireJS package, which allows an attacker to retrieve additional information about the installed system and third-party extensions...
PT-2024-40385 · Requirejs · Requirejs
Name of the Vulnerable Software and Affected Versions: RequireJS (affected versions not specified). Description: A potential issue has been discovered in the mechanisms used for configuration of RequireJS package loading, making it susceptible to information disclosure. This could allow a potential...
Fedora 30 : seamonkey (2020-b00f3fbb69)
Upgrade to 2.53.1 SeaMonkey-2.53.1, being initially based on the Firefox-56 and Thunderbird-56 code, incorporates now a lot of backported features and security fixes from the newer Firefox/Thunderbird versions up to 75. That way it tries to be a modern browser, preserving the same time the famili...
CVE-2019-8779
A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions...
Brave Software: No user confirmation when an auto-updated extension gets more permissions
Summary: In Chrome, when extensions are auto-updated, if the permissions change, the extension is preventatively disabled and the user has to confirm they wish to re-enable it with the additional permissions. While it appears Brave has a functioning Extension auto-updater e.g. for the PDF...
Chrome third-party extensions exposed: they can record private information and sell it - vulnerability warning - the black bar safety net
The Swedish security firm Detectify Labs states that some Chrome extensions track the user's Internet history, which can even include Facebook Connect access tokens and links to private Dropbox and Google Drive files. Affect a wide range is not...
Mozilla Firefox Add-on SDK Cross-Site Scripting Vulnerability
Mozilla Firefox is an open source web browser. A cross-site scripting vulnerability exists in the Mozilla Firefox Add-on SDK due to a failure of the program to properly handle the 'script: false' panel setting, which allows remote attackers to conduct cross-site scripting attacks using inline...
Cross-Site Request Forgery Protection in TYPO3 CMS 6.2
TYPO3 CMS 6.2 will get CSRF Protection throughout all modules and parts that manipulate data. Component Type: TYPO3 CMS. Vulnerability Types: Cross-Site Request Forgery (CSRF). Overall Severity: Low. Release Date: January 31, 2014. Affected Versions: All versions below 6.2. CVE: Will be requested. Probl...
Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: booking, cronmmratsinfo, icsawstats, iflowgallery, keuserregister, metabeawstatsind, powermailoptin, smarty, youtubevideos. Release Date: September 25, 2013. Please read first: This Collective Security Bulletin C...
Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: fed, myquizpoll, push2rss3ds, slideshare, wecdiscussion. Release Date: February 19, 2013. Please read first: This Collective Security Bulletin (CSB) is a listing of vulnerable extensions with neither significant...
Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: attacalendar, attacpetition, eusubscribe, exinitjoboffer, fefilebrowser, jscssoptimizer, kkcsv2table, lonewsseo, mnmysql2json, newssearch, tipafriendplus, twitterauth, sofortueberweisung2commerce, sysmessages...
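TYPO3 T3 jQuery Extension Arbitrary PHP Code Execution Vulnerability
BUGTRAQ ID: 57280. TYPO3 is an open-source content management system (CMS) and content management framework (CMF). TYPO3 T3 jQuery 2.2.0 and earlier versions use "unserialize" on user-controlled input, which can be exploited to execute arbitrary PHP code. Affected: TYPO3 T3 jQuery extension <= 2.2.0. Vendor patch: TYPO3 has released a security advisory (typo3-ext-sa-2013-001) and a corresponding patch for this issue: typo3-ext-sa-2013-001:TYPO3-EXT-SA-2013-001: Several vulnerabilities in thir...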
Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: news, onetimeaccount, phpunit, div2007, t3mootools, t3jquery, oneclicklogin. Release Date: January 11, 2013. Please read first: This Collective Security Bulletin (CSB) is a listing of vulnerable extensions with...
CVE-2012-1605
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature HMAC for a request argument." To our knowledge it is neither...
Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: fewhois, cagtables, additionalreports, generaldatadisplay, realty, dkdfeuserbelogin, tcfbconnect, dixeasylogin, ajadofacebook, facebook2t3, sociallogin2t3, kbeventboard, news. Release Date: March 28, 2012. Please...