16 matches found
Astra Linux – Vulnerability in Firefox
One phishing tactic on the internet involves providing a link with HTTP Auth. For example, it might look like “https://[email protected]”. To mitigate this type of attack, Firefox will display a warning dialog box. However, this warning dialog would not be shown if evil.com used a...
SUSE CVE-2020-6416
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
SUSE CVE-2020-26954
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
SUSE CVE-2020-26956
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
Mozilla Firefox Memory Corruption Vulnerability (CNVD-2020-72461)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A memory corruption vulnerability exists in Mozilla Firefox versions prior to 83. An attacker could exploit this vulnerability to cause memory corruption and program crash...
CVE-2020-26954
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
Mozilla: Fullscreen could be enabled without displaying the security UI
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
Mozilla Firefox 缓冲区错误漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A memory corruption vulnerability exists in Mozilla Firefox versions prior to 83. An attacker could exploit this vulnerability to cause memory corruption and program crash...
CVE-2020-15684
Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 82...
CVE-2020-15674
Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 81...
CVE-2020-15665
Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox 80...
Google Chrome Security Bypass Vulnerability (CNVD-2020-49912)
Google Chrome is a web browser. A security vulnerability exists in Google Chrome versions prior to 85.0.4183.83. An attacker can exploit this vulnerability to bypass security restrictions...
UBUNTU-CVE-2020-15665
Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox 80...
Google Chrome Cross-Origin Data Leakage Vulnerability
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A cross-origin data leakage vulnerability exists in Google Chrome versions prior to 80.0.3987.87. The vulnerability stems from an improper implementation of CORS in...
Google Chrome Heap Corruption Vulnerability (CNVD-2020-05134)
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A heap corruption vulnerability exists in Google Chrome versions prior to 80.0.3987.87. The vulnerability stems from insufficient data validation of streams in Goog...
cPanel Information Disclosure Vulnerability (CNVD-2019-26330)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An information disclosure vulnerability exists in cPanel versions prior to 80.0.5. The vulnerability stems from a configuration o...