6 matches found
CVE-2025-1935 Clickjacking the registerProtocolHandler info-bar
A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
CVE-2025-1935
CVE-2025-1935 is described in connected advisories as a UI/protocol-handler spoof affecting Firefox and Thunderbird before versions 136 (Firefox) / 128.8 (Firefox ESR) and before 136 (Thunderbird) / 128.8 (Thunderbird). The issue allows a malicious web page to coax a user into setting that site a...
Exploit for CVE-2022-44666
Microsoft Windows Contacts VCF/Contact/LDAP syslink control...
Steam Gaming Platform Vulnerable to Remote Exploits; 50 Million at Risk
More than 50 million users of the Steam gaming and media distribution platform are at risk for remote compromise because of weaknesses in the platform’s URL protocol handler, a pair of researchers at ReVuln wrote in a paper released this week. Luigi Auriemma and Donato Ferrante discovered a numbe...
JVN#80404511: Windows URL Protocol Handler may insecurely load executable files
Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executable files. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution...
Microsoft Internet Explorer 0-day vulnerability
Unfiltered shell characters on executed URL: protocol application handler...