OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects

Impact fetchWithSsrFGuard replays unsafe request bodies across cross-origin redirects. A guarded fetch could resend unsafe request bodies or headers when following cross-origin redirects. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does n...

SUSE CVE-2020-27918

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary...

Mozilla: Arbitrary file read from GTK drag and drop on Linux

The Mozilla Foundation Security Advisory describes this flaw as: Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData...

Mozilla: A popup window could be resized in a way to overlay the address bar with web content

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a malicious website that creates a popup that could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks...

Mozilla: Sandboxed iframes could have executed script if the parent appended elements

The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...

USN-4696-1 htmldoc vulnerability

It was discovered that HTMLDOC incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a denial of service...

Mozilla: Arbitrary local file access with 'Copy as cURL'

The Mozilla Foundation Security Advisory describes this flaw as: The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, i...

Mozilla Firefox Redirection Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox suffers from a redirection vulnerability that can be exploited by attackers to construct malicious URLs, trick users into parsing them, and redirect them to arbitrary web sites...

Double-clicking a link can run a program from the Internet – Opera Security Advisories

Double-clicking a link can run a program from the Internet – Opera Security Advisories OPCOM Team | December 19, 2005 Summary If a user double-clicks a Web link leading to a program,that program can be run. The second click may go intothe “Open” button of the file download dialog. Severity:...

[EXPL] PHP-Nuke POST Method Admin Variable Privilege Escalation

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...