14 matches found
Governing AI agent behavior: Aligning user, developer, role, and organizational intent
AI agents increasingly perform tasks that involve reasoning, acting, and interacting with other systems. Building a trusted agent requires ensuring it operates within the correct boundaries and performs tasks consistent with its intended purpose. In practice, this requires aligning several layers...
Unlocking User-Oriented Pages: Intention-Driven Black-Box Scanner for Real-World Web Applications
Black-box scanners have played a significant role in detecting vulnerabilities for web applications. A key focus in current black-box scanning is increasing test coverage i.e., accessing more web pages. However, since many web applications are user-oriented, some deep pages can only be accessed...
Mozilla Firefox Clickjacking Vulnerability (CNVD-2024-48569)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox is vulnerable to clickjacking. An attacker can exploit this vulnerability to confirm user intent via eavesdropping hijacking...
CVE-2024-11700
The Mozilla Foundation's Security Advisory: Malicious websites may be able to user intent confirmation through tapjacking. This could lead to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities...
CVE-2024-11700
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox 133 and Thunderbird 133...
CVE-2024-11700
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox 133 and Thunderbird 133...
Mozilla Firefox < 133.0
The version of Firefox installed on the remote Windows host is prior to 133.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-63 advisory. - A double-free issue could have occurred in secpkcs7decoderstartdecrypt when handling an error path. Under specific...
Multiple Westermo Router Spoofing Vulnerabilities
The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. A spoofing vulnerability exists in multiple Westermo routers, where an attacker could potentially spoof a user into making a malicious request to a server because the program does not verify that the user intended to...
SA-CONTRIB-2014-060- Petitions - Cross Site Request Forgery (CSRF)
This distribution enables you to build an application that lets users create and sign petitions. The contained whpetitions module doesn't sufficiently verify the intent of the user when signing a petition. A malicious user could trick another user into signing a petition they did not intend to si...
Calling Foul on the Political Football That is Do Not Track
It looks like it’s time for a do-over for DNT. The oft-maligned specification has become—like many other standards efforts before it—a political football. Parties with interests on both sides of the issue have their own agendas, cannot agree on semantics and ignore, in this case, what should be t...
TIMESINK Spyware Detection
The remote host is using the TIMESINK program. You should ensure that : - the user intended to install TIMESINK it is sometimes silently installed - the use of TIMESINK matches your corporate mandates and security policies. To remove this sort of software, you may wish to check out Ad-Aware or...
IPINSIGHT Detection
The remote host is using the IPINSIGHT program. You should ensure that the user intended to install IPINSIGHT as it is sometimes silently installed. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid12015; scriptversion"1.16";...
LOP.COM Detection
The remote host is using the LOP.COM program. You should ensure that: - the user intended to install LOP.COM it is sometimes silently installed - the use of LOP.COM matches your corporate mandates and security policies. To remove this sort of software, install software such as Ad-Aware or Spybot....
SaveNOW Detection
The remote host is using the SaveNOW program. You should ensure that: - the user intended to install SaveNOW it is sometimes silently installed - the use of SaveNOW matches your corporate mandates and security policies. To remove this sort of software, you may wish to check out ad-aware or spybot...