CVE-2024-30252 GitHub Security Lab (GHSL) Vulnerability Report, livemarks: `GHSL-2024-015`

Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an arbitrary URL. An authenticated request is ...

LastPass Credential Leak From Previous Site

lastpass: bypassing dopopupregister leaks credentials from previous site I noticed that you can create a popup without calling dopopupregister by iframing popupfilltab.html i.e. via moz-extension, ms-browser-extension, chrome-extension, etc. It's a valid webaccessibleresource. Because...