68 matches found
Race condition
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...
Design/Logic Flaw
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...
Code injection
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...
CVE-2024-26281
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...
CVE-2024-26281
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...
CVE-2024-26283
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...
CVE-2024-1563
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...
CVE-2024-1563
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...
CVE-2024-1563
CVE-2024-1563 affects Mozilla Firefox for iOS Focus prior to version 122. The issue is a timeout race condition involving opening an external URL with a custom Firefox scheme, allowing an attacker to run unauthorized scripts on the top-origin page via a JavaScript URI. Connected documents confirm...
PT-2024-21329 · Mozilla · Firefox For Ios
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 123 Description: An issue allows an attacker to execute unauthorized scripts on the current top origin sites in the URL bar when a JavaScript URI is scanned with the QR code scanner. Recommendations: For...
PT-2024-18134 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 122 Description: An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition...
Cross Site Scripting (XSS)
@serenity-is/corelib is vulnerable to Cross Site Scripting XSS. The vulnerability is caused by improper URL validation within LoginPage.tsx because it fails to ensure that URLS don't start with a forward slash /, enabling malicious email links to execute unauthorized scripts...
Security Vulnerabilities fixed in Focus for iOS 122 — Mozilla
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition...
Security Vulnerabilities fixed in Firefox for iOS 123 — Mozilla
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. Upon scanning a JavaScri...
CVE-2024-0605
The CVE-2024-0605 issue affects Mozilla Focus for iOS prior to version 122. A race condition arises when using a javascript: URI with setTimeout, enabling an attacker to run unauthorized scripts on top-origin sites via the URL bar, potentially leading to arbitrary code execution or unauthorized a...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...