15 matches found
Astra Linux - уязвимость в firefox, thunderbird
An attacker who has control over a content process could potentially use the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138...
EUVD-2015-0832
Malware in sbrugna...
SUSE CVE-2025-4085
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138...
CVE-2025-4085
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox 138 and Thunderbird 138...
CVE-2025-4085
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox 138 and Thunderbird 138...
UBUNTU-CVE-2025-4085
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 138, which stems from an attacker's ability to disclose sensitive information or elevate privileges using a privileged UITour act...
PT-2025-18154
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 138 Thunderbird versions prior to 138 Description An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges...
Mozilla -- Information leak
[email protected] reports: An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges...
CVE-2015-0819
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site...
Spoofing
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site...
CVE-2015-0819
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site...
CVE-2015-0819
The CVE-2015-0819 issue affects Mozilla Firefox and stems from UITour::onPageEvent not validating that an API call originates from a foreground tab. This can enable spoofing and clickjacking when a UITour page in a background tab is whitelisted. Affected releases are Firefox versions before 36.0;...
CVE-2015-0819
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site...
UI Tour whitelisted sites in background tab can spoof foreground tabs — Mozilla
Mozilla developer Matthew Noorenberghe reported that whitelisted Mozilla domains could make UITour API calls while the UI Tour pages for Firefox are present in background tabs. If one of these Mozilla domains was compromised and open in another tab, an attacker could then use that tab to engage i...