14 matches found
CVE-2026-34777
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to...
CVE-2024-26283
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...
Mozilla: Race condition in permission assignment
The Mozilla Foundation Security Advisory describes this flaw as: A race condition could lead to a cross-origin container obtaining permissions of the top-level origin...
SUSE CVE-2024-6601
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox 128, Firefox ESR 115.13, Thunderbird 115.13, and Thunderbird 128...
CVE-2024-26281
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...
CVE-2024-26283
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...
CVE-2024-26283
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...
Code injection
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...
CVE-2024-26281
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...
CVE-2024-26283
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...
CVE-2024-1563
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...
Security Vulnerabilities fixed in Firefox for iOS 123 — Mozilla
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. Upon scanning a JavaScri...
Security Vulnerabilities fixed in Focus for iOS 122 — Mozilla
Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. An attacker could execut...
PT-2024-15683 · Facebook · Focus
Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 122 Description: The issue allows an attacker to execute unauthorized scripts on top origin sites in the urlbar by using a javascript: URI with a setTimeout race condition. This bypasses security measures,...