24 matches found

CVE
added 2026/06/23 4:8 p.m. | 15 views

CVE-2026-50023

CVE-2026-50023 affects yt-dlp. Before 2026-06-09, an issue allowed remote attackers to write arbitrary OS-shortcut files (e.g., .desktop, .url, .webloc) via the --write-link option by exploiting unsafe extensions that were on the allowlist, bypassing the prior CVE-2024-38519 remediation. This cou...

CVSS: 9.6 | AI score: 6 | EPSS: 0.00555
Exploits: 1 | References: 4 | Affected Software: 1
Github Security Blog
added 2026/06/16 8:59 p.m. | 14 views

yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)

Summary A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. Details The fix for CVE-2024-38519 enforced an allowlist for file extensions, in orde...

CVSS: 9.6 | AI score: 5.7 | EPSS: 0.00555
Exploits: 1 | References: 6 | Affected Software: 1
RedhatCVE
added 2025/12/16 8:44 p.m. | 6 views

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00365
Exploits: 1 | References: 1
NVD
added 2025/12/15 9:15 p.m. | 16 views

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

CVSS: 8.8 | EPSS: 0.00365
Exploits: 1 | References: 3
Veracode
added 2023/10/02 6:7 p.m. | 28 views

Information Disclosure

Firefox is vulnerable to Information Disclosure. The vulnerability exists after downloading a Windows .url shortcut from the local filesystem, which allows an attacker to supply a remote path that would lead to unexpected network requests from the operating system, leaking the NTLM credentials to...

CVSS: 8.1 | AI score: 6.3 | EPSS: 0.00775
Exploits: 1 | References: 8 | Affected Software: 1
Amazon
added 2023/09/25 12:0 a.m. | 8 views

Important: firefox

Issue Overview: firefox-esr, thunderbird and nss only are affected by this package. CVE-2023-0767 The Mozilla Foundation Security Advisory describes this flaw as: The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with...

CVSS: 8.8 | AI score: 9.6 | EPSS: 0.00817
Exploits: 1
UbuntuCve
added 2023/06/02 5:15 p.m. | 32 views

CVE-2023-25734

After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. This bug only affects Firefox on Windows. Othe...

CVSS: 8.1 | AI score: 6.9 | EPSS: 0.00775
Exploits: 1 | References: 3
Debian CVE
added 2023/06/02 12:0 a.m. | 24 views

CVE-2023-25734

After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. This bug only affects Firefox on Windows. Othe...

CVSS: 8.1 | AI score: 7.6 | EPSS: 0.00775
Exploits: 1
Tenable Nessus
added 2023/05/30 12:0 a.m. | 18 views

GLSA-202305-35 : Mozilla Firefox: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-35 Mozilla Firefox: Multiple Vulnerabilities - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. CVE-2023-0767 -...

CVSS: 8.8 | AI score: 8 | EPSS: 0.00952
Exploits: 1 | References: 47
Amazon
added 2023/03/06 12:0 a.m. | 40 views

Important: thunderbird

Issue Overview: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted messa...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.01812
Exploits: 1
Tenable Nessus
added 2023/02/22 12:0 a.m. | 37 views

SUSE SLES15: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2023:0469-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0469-1 advisory. Updated to version 102.8.0 ESR bsc1208144: - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes....

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.00817
Exploits: 1 | References: 31
Mozilla
added 2023/02/15 12:0 a.m. | 129 views

Security Vulnerabilities fixed in Thunderbird 102.8 — Mozilla

If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this...

CVSS: 8.8 | AI score: 0.8 | EPSS: 0.00817
Exploits: 0 | References: 16 | Affected Software: 1
Tenable Nessus
added 2023/02/15 12:0 a.m. | 28 views

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-045-01)

The version of mozilla-firefox installed on the remote host is prior to 102.8.0esr / 110.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-045-01 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.00817
Exploits: 1 | References: 13
Tenable Nessus
added 2023/02/14 12:0 a.m. | 25 views

Mozilla Firefox ESR < 102.8

The version of Firefox ESR installed on the remote Windows host is prior to 102.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-06 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.00817
Exploits: 1 | References: 14
Tenable Nessus
added 2008/11/13 12:0 a.m. | 32 views

Firefox 3.0.x < 3.0.4 Multiple Vulnerabilities

The installed version of Firefox 3.0 is earlier than 3.0.4. Such versions are potentially affected by the following security issues: - Locally saved '.url' shortcut files can be used to read information stored in the local cache. MFSA 2008-47 - 'file:' URIs are given chrome privileges when opene...

CVSS: 10 | AI score: 8.2 | EPSS: 0.10187
Exploits: 2 | References: 20
NVD
added 2008/10/15 8:8 p.m. | 18 views

CVE-2008-4582

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.10187
Exploits: 1 | References: 32
Prion
added 2008/10/15 8:8 p.m. | 19 views

Information disclosure

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.10187
Exploits: 2 | References: 32 | Affected Software: 4
Cvelist
added 2008/10/15 8:0 p.m. | 25 views

CVE-2008-4582

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive...

AI score: 9.3 | EPSS: 0.10187
Exploits: 1 | References: 32
CVE
added 2008/10/15 8:0 p.m. | 84 views

CVE-2008-4582

CVE-2008-4582 describes an information leak through local Windows shortcut files (.url) that could bypass Same Origin Policy and disclose data via an HTML document. Publicly documented details indicate affected products include Mozilla Firefox 3.0.1–3.0.3, Firefox 2.x prior to 2.0.0.18, and SeaMo...

CVSS: 4.3 | AI score: 9.3 | EPSS: 0.10187
Exploits: 1 | References: 32 | Affected Software: 1
UbuntuCve
added 2008/10/15 12:0 a.m. | 53 views

CVE-2008-4582

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.10187
Exploits: 1 | References: 3