129 matches found
PT-2023-27003 · Node.Js +1 · Node.Js +1
Name of the Vulnerable Software and Affected Versions: SES versions 0.13.0 through 0.13.4 SES versions 0.14.0 through 0.14.4 SES versions 0.15.0 through 0.15.23 SES versions 0.16.0 through 0.16.0 SES versions 0.17.0 through 0.17.0 SES versions 0.18.0 through 0.18.6 Description: There is a hole in...
SUSE CVE-2010-0160
The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service heap memory corruption and application crash or possibl...
SUSE CVE-2017-7843
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not...
SUSE CVE-2018-5092
A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox 58...
SUSE CVE-2020-12387
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR 68.8, Firefox 76, and Thunderbird 68.8.0...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
GHSA-MC52-JPM2-CQH6 Deno is vulnerable to race condition via interactive permission prompt spoofing
Impact Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message li...
CVE-2023-22499
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...
Code injection
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...
CVE-2023-22499 Interactive permission prompt spoofing in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...
CVE-2023-22499 Interactive permission prompt spoofing in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...
CVE-2023-22499 Interactive permission prompt spoofing in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...
PT-2023-1315 · Deno · Deno
Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.29.3 Description: The issue is related to errors in synchronization when using a shared resource in Deno, a runtime for JavaScript and TypeScript. This could allow a remote attacker to execute arbitrary code...
Updated firefox packages fix security vulnerability
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions CVE-2022-22754. If a user was convinced to drag and drop an image to their desktop or other folder,...
Mageia: Security Advisory (MGASA-2017-0448)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2020-15652
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox 79, Firefox ESR 68.11, Firefox ESR 78.1, Thunderbird 68.11, and Thunderbi...
Mozilla: Potential leak of redirect targets when loading scripts in a worker
The Mozilla Foundation Security Advisory describes this flaw as: By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script...
Mozilla: Potential leak of redirect targets when loading scripts in a worker
The Mozilla Foundation Security Advisory describes this flaw as: By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script...
CVE-2020-12387
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR 68.8, Firefox 76, and Thunderbird 68.8.0...