20 matches found
Astra Linux - vulnerability in firefox, thunderbird
When interacting with the file picker dialog of an HTML input element using the webkitdirectory setting, a use-after-free vulnerability may occur, leading to memory corruption and potentially exploitable crashes. This vulnerability affects Firefox versions less than 94, Thunderbird versions less...
Linux Distros Unpatched Vulnerability : CVE-2021-38504
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption a...
SUSE CVE-2021-38504
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
AlmaLinux 8 : firefox (ALSA-2021:4123)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4123 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigati...
Mageia: Security Advisory (MGASA-2021-0505)
The remote host is missing an update for the...
DEBIAN-CVE-2021-38504
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
CVE-2021-38504
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
Design/Logic Flaw
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
CVE-2021-38504
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
Mozilla: Use-after-free in file picker dialog
The Mozilla Foundation Security Advisory describes this flaw as: When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash...
Mozilla: Use-after-free in file picker dialog
The Mozilla Foundation Security Advisory describes this flaw as: When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash...
Mozilla: Use-after-free in file picker dialog
The Mozilla Foundation Security Advisory describes this flaw as: When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash...
Mozilla: Use-after-free in file picker dialog
The Mozilla Foundation Security Advisory describes this flaw as: When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash...
Mozilla: Use-after-free in file picker dialog
The Mozilla Foundation Security Advisory describes this flaw as: When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash...
Mozilla: Use-after-free in file picker dialog
The Mozilla Foundation Security Advisory describes this flaw as: When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash...
Mozilla: Use-after-free in file picker dialog
The Mozilla Foundation Security Advisory describes this flaw as: When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash...
Brave Software: OS username disclosure
Summary: Using the webkitdirectory alongside minor user interaction, we are able to grab the OS username of a victim. This is because the webkitdirectory object is not properly sanitized after a folder has been picked. In my case, the downloads folder was the default folder to select and so I ended u...
Cross-browser local file disclosure vulnerability analysis - vulnerability warning - the black bar safety net
Foreword: Did you know? You can easily turn an ordinary file selector into a folder picker: simply add the attribute "webkitdirectory" to the given input element of type='file'. Of course, the folder selector is different: eventually you will load a given folder all...
Mozilla Firefox webkitdirectory local files disclosure (CVE-2017-5414)
I have reported three different bugs to Mozilla in the webkitdirectory feature. Luckily the folder picker was only implemented in Mozilla's Nightly browser, which is meant to test out new features before landing in the stable version. Bug 1295914 - webkitdirectory could be used to trick users into...
Google Chrome webkitdirectory Information Disclosure
Google was the first vendor I contacted regarding this. After initially receiving a SEC-MEDIUM rating, it was later changed to SEC-LOW and ignored for months 6. It turned out that Chrome would be able to detect this type of bug if anyone would try to use it on a mass scale, as it is logged by...