16 matches found
OPENSUSE-SU-2026:20345-1 Security update for python-lxml_html_clean
This update for python-lxml_html_clean fixes the following issues: Changes in python-lxml_html_clean: - CVE-2026-28348: improper keywords checking can allow external CSS loading bsc1259378 - CVE-2026-28350: lack of base tag handling can allow the hijacking of the resolution of relative URLs bsc125937...
Hookup site targeted by typo-squatters
Ethical hacker and security researcher Kody Kinzie shared with BleepingComputer a list of over 50 domains of which many are spelling variations of the brand name Sniffies. Sniffies identifies itself as a "modern, map-based, meetup app for gay, bi, and curious guys." Kody used an open source tool...
JetBrains YouTrack has an unspecified vulnerability (CNVD-2021-91661)
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software has features such as bug tracking, creating workflows and monitoring project progress. JetBrains YouTrack Mobile 2021.2 previously had a security vulnerability that could ...
ASB-A-163358811
In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
URLCrazy - Generate And Test Domain Typos And Variations To Detect And Perform Typo Squatting, URL Hijacking, Phishing, And Corporate Espionage
URLCrazy is an OSINT tool to generate and test domain typos or variations to detect or perform typo squatting, URL hijacking, phishing, and corporate espionage. Homepage: https://www.morningstarsecurity.com/research/urlcrazy Use Cases: Detect typo squatters profiting from typos on your domain name...
Why typosquatting protection from coronavirus-themed registered domains is a must
By Waqas. Typosquatting is also known as a URL hijacking attack. This is a post from HackRead.com. Read the original post: Why typosquatting protection from coronavirus-themed registered domains is a must...
GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201803-14 Mozilla Thunderbird: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for detail...
Mozilla Thunderbird: Multiple vulnerabilities
Background: Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description: Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. Impact: A remo...
UBUNTU-CVE-2017-7807
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
Universal MITM Web Server: CopyCat
Universal MITM Web Server: CopyCat is a Node.js based universal MITM web server. Used with DNS spoofing or another redirect attack, this server will act as a MITM for web traffic between the victim and a real server. Most often we see DNS spoofing used to redirect victims to an attacker's server...
iCloud Phishing Campaign Zycode Back From the Dead
A phishing campaign aimed at Chinese Apple users that was thought to be in hibernation has been roused from its slumber. Researchers in June spotted the campaign, dubbed Zycode, targeting Apple iCloud users. A rash of suspended domains that month led to a lull for the campaign; however, researcher...
URLCrazy - Test domain typos and variations to detect typo squatting, URL hijacking, phishing, and corporate espionage
Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. Usage: Detect typo squatters profiting from typos on your domain name; protect your brand by registering popular typos; identify typo domain names that will receive...
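Mozilla Firefox Error Message Script Filename Information Disclosure Vulnerability
BUGTRAQ ID: 41860 CVE ID: CVE-2010-2754 Firefox is a popular open-source web browser. The way Firefox handles script errors reveals the source of the error, which may contain sensitive information. Suppose the page http://SampleSite.com/admin.asp uses the following logic: 1- If the user is not logged in, redirect to the login page. 2- If the user is not an administrator, redirect to the access-denied page. 3- If the user is an administrator, display the administrator menu. An attacker can use the cross-site URL hijacking technique to determine the user's state on SampleSite.com and go on to carry out targeted attacks. Mozilla Firefox 3.6.x...
Mozilla Firefox Error Handling Information Disclosure Vulnerability
BUGTRAQ ID: 40401 Firefox is a very popular open-source web browser. Firefox's window.onerror handler allows the target URL of a redirect to be read. If the redirecting site is referenced through an HTML script tag, session-specific query parameters contained in the target URL can be read. Mozilla Firefox 3.6.3 Mozilla Firefox 3.5.9 Vendor patch: Mozilla ------- The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://www.mozilla.org/ XSUH Cross Site URL...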
Cross Site URL Hijacking by using Error Object in Mozilla Firefox
I want to represent a method for performing Cross Site URL Hijacking which we can call XSUH by using the error object of Mozilla Firefox. XSUH attack is used to steal another website URL. This URL can show the client’s situation on that website, and it can contain confidential parameters such as...
Browser Attacks Continue to Evolve
While the security teams at Microsoft, Mozilla and the other browser vendors continue to work on new defenses and exploit mitigations, the state of the art in attacks is continuing to evolve. Security researcher Robert Hansen recently pointed out a new technique that could be used for a twist on...