Lucene search

757 matches found

OSV
added 2021/12/08 10:15 p.m. | 1 views

DEBIAN-CVE-2021-38508

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

CVSS 4.3 | AI score 6.1 | EPSS 0.00339
Exploits 0 | References 1
Debian CVE
added 2021/12/08 9:21 p.m. | 46 views

CVE-2021-38508

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

CVSS 4.3 | AI score 7.3 | EPSS 0.00339
Exploits 0
NVD
added 2021/12/07 6:15 p.m. | 9 views

CVE-2021-43805

Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential...

CVSS 7.5 | EPSS 0.00118
Exploits 1 | References 2
OSV
added 2021/12/07 6:15 p.m. | 13 views

CVE-2021-43805

Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential...

CVSS 7.5 | AI score 7
Exploits 0 | References 2
Tenable Nessus
added 2021/11/20 12:0 a.m. | 43 views

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:3745-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3745-1 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing...

CVSS 10 | AI score 7.5 | EPSS 0.01293
Exploits 0 | References 18
CNNVD
added 2021/11/19 12:0 a.m. | 2 views

Vim Resource Management Error Vulnerability

Vim is a UNIX-based editor, and a resource management error vulnerability exists in Vim, which stems from the product's failure to determine the validity of resources and can be exploited by attackers to cause abnormal operations...

CVSS 7.8 | AI score 8 | EPSS 0.00211
Exploits 1 | References 21
OSV
added 2021/11/10 10:53 p.m. | 8 views

MGASA-2021-0506 Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's...

CVSS 10 | AI score 8.5 | EPSS 0.01293
Exploits 0 | References 4
Mageia
added 2021/11/10 10:53 p.m. | 41 views

Updated firefox packages fix security vulnerability

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-fre...

CVSS 10 | AI score 9.6 | EPSS 0.01293
Exploits 0 | References 3
RedHat Linux
added 2021/11/10 10:37 a.m. | 2 views

Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

CVSS 4.3 | AI score 7.3 | EPSS 0.00339
Exploits 0 | References 4
Code423n4
added 2021/11/07 12:0 a.m. | 9 views

Invalid or missing validity check

Handle fr0zn Vulnerability details Vulnerability Details On the AirdropDistribution.sol, inside the validate function line 506 , the validatedmsg.sender is not checked and the validation for an already airdropped user is done using the airdropmsg.sender.amount value. Provide a detailed descriptio...

AI score 7
Exploits 0
Veracode
added 2021/11/05 3:36 a.m. | 49 views

Function Spoofing

firefox is vulnerable to function spoofing. By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the...

CVSS 4.3 | AI score 1.6 | EPSS 0.00339
Exploits 0 | References 11 | Affected Software 7
Tenable Nessus
added 2021/11/05 12:0 a.m. | 47 views

Oracle Linux 8 : thunderbird (ELSA-2021-4130)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4130 advisory. 91.3.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.3.0-2 - Update to 19.3.0 build2 91.3.0-1 - Upda...

CVSS 10 | AI score 7.4 | EPSS 0.01293
Exploits 0 | References 7
Tenable Nessus
added 2021/11/05 12:0 a.m. | 45 views

Oracle Linux 8 : firefox (ELSA-2021-4123)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4123 advisory. 91.3.0-1.0.1 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 91.3.0-1 - Update to 91.3.0...

CVSS 10 | AI score 7.4 | EPSS 0.01293
Exploits 0 | References 7
RedHat Linux
added 2021/11/04 5:32 p.m. | 1 views

Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

CVSS 4.3 | AI score 7.3 | EPSS 0.00339
Exploits 0 | References 4
RedHat Linux
added 2021/11/04 4:47 p.m. | 1 views

Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

CVSS 4.3 | AI score 7.3 | EPSS 0.00339
Exploits 0 | References 4
CNVD
added 2021/11/04 12:0 a.m. | 15 views

Mozilla Firefox has an unspecified vulnerability (CNVD-2021-101166)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. A security vulnerability exists in Mozilla Firefox, which stems from the fact that by displaying form validity messages in the correct location, as well as permission prompts such as geolocation, the validity...

CVSS 4.3 | AI score 1.6 | EPSS 0.00339
Exploits 0 | References 1
Tenable Nessus
added 2021/11/04 12:0 a.m. | 34 views

Oracle Linux 7 : firefox (ELSA-2021-4116)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4116 advisory. 91.3.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.j...

CVSS 10 | AI score 7.4 | EPSS 0.01293
Exploits 0 | References 7
RedHat Linux
added 2021/11/03 7:52 p.m. | 1 views

Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

CVSS 4.3 | AI score 7.3 | EPSS 0.00339
Exploits 0 | References 4
RedHat Linux
added 2021/11/03 4:34 p.m. | 1 views

Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

CVSS 4.3 | AI score 7.3 | EPSS 0.00339
Exploits 0 | References 4
OSV
added 2021/11/03 1:15 a.m. | 2 views

UBUNTU-CVE-2021-38497

Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

CVSS 6.5 | AI score 6.9 | EPSS 0.00197
Exploits 0 | References 6