Lucene search
K

91 matches found

RedHat Linux
RedHat Linux
added 2024/12/02 1:28 a.m.2 views

firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

6.1CVSS7.2AI score0.00495EPSS
Exploits0References10
SUSE Linux
SUSE Linux
added 2024/11/27 8:34 a.m.5 views

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.5.0 ESR, fixed various security fixes and other quality improvements, MFSA 2024-64 bsc1233695: CVE-2024-11691: Memory corruption in Apple GPU drivers CVE-2024-11692: Select list elements could be shown...

9.8CVSS10AI score0.00833EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2024/11/27 4:4 a.m.3 views

SUSE CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

6.3CVSS5.8AI score0.00495EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2024/11/26 10:23 p.m.16 views

CVE-2024-11694

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

6.1CVSS5.6AI score0.00495EPSS
Exploits0References9
OSV
OSV
added 2024/11/26 2:15 p.m.2 views

DEBIAN-CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

6.1CVSS6.9AI score0.00495EPSS
Exploits0References1
OSV
OSV
added 2024/11/26 2:15 p.m.2 views

UBUNTU-CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

6.1CVSS7.3AI score0.00495EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2024/11/26 1:33 p.m.6 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

6.3AI score0.00495EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/11/26 1:33 p.m.16 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

0.00495EPSS
Exploits0References7
CVE
CVE
added 2024/11/26 1:33 p.m.351 views

CVE-2024-11694

The CVE-2024-11694 issue is a CSP frame-src bypass and DOM-based XSS stemming from Enhanced Tracking Protection in Mozilla products via the Web Compatibility extension’s Google SafeFrame shim. Affected: Firefox versions <133, Firefox ESR <128.5, Firefox ESR <115.18, Thunderbird <133, ...

6.1CVSS6.3AI score0.00495EPSS
Exploits0References8Affected Software2
AlpineLinux
AlpineLinux
added 2024/11/26 1:33 p.m.24 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

6.1CVSS6.5AI score0.00495EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/11/26 1:33 p.m.11 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

6.1CVSS6.9AI score0.00495EPSS
Exploits0
Mozilla
Mozilla
added 2024/11/26 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox ESR 115.18 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Enhanced Tracking Protection's Strict...

8.8CVSS6.2AI score0.00704EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/09/18 12:0 a.m.22 views

Amazon Linux 2 : firefox (ALASFIREFOX-2024-030)

The version of firefox installed on the remote host is prior to 115.14.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-030 advisory. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be...

9.8CVSS7.6AI score0.00598EPSS
Exploits0References20
RedHat Linux
RedHat Linux
added 2024/08/15 5:21 a.m.3 views

mozilla: CSP strict-dynamic bypass using web-compatibility shims

The Mozilla Foundation Security Advisory describes this flaw as: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element coul...

6.1CVSS7.2AI score0.00461EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/14 3:5 p.m.4 views

mozilla: CSP strict-dynamic bypass using web-compatibility shims

The Mozilla Foundation Security Advisory describes this flaw as: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element coul...

6.1CVSS7.2AI score0.00461EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/13 4:56 p.m.5 views

mozilla: CSP strict-dynamic bypass using web-compatibility shims

The Mozilla Foundation Security Advisory describes this flaw as: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element coul...

6.1CVSS7.2AI score0.00461EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/13 4:56 p.m.5 views

mozilla: CSP strict-dynamic bypass using web-compatibility shims

The Mozilla Foundation Security Advisory describes this flaw as: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element coul...

6.1CVSS7.2AI score0.00461EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/13 4:51 p.m.5 views

mozilla: CSP strict-dynamic bypass using web-compatibility shims

The Mozilla Foundation Security Advisory describes this flaw as: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element coul...

6.1CVSS7.2AI score0.00461EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/13 4:49 p.m.2 views

mozilla: CSP strict-dynamic bypass using web-compatibility shims

The Mozilla Foundation Security Advisory describes this flaw as: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element coul...

6.1CVSS7.2AI score0.00461EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/13 4:48 p.m.4 views

mozilla: CSP strict-dynamic bypass using web-compatibility shims

The Mozilla Foundation Security Advisory describes this flaw as: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element coul...

6.1CVSS7.2AI score0.00461EPSS
Exploits0References5
Rows per page
Query Builder