Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
SUSE SLES15: ruby2.5-rubygem-websocket-extensions / etc (SUSE-SU-2023:0127-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0127-1 advisory. - CVE-2020-7663: Fixed an excessive resource consumption when parsing crafted message headers sent by an attacker (bsc1172445). Tenable has...
Information Disclosure
Firefox is vulnerable to Information Disclosure. A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored, leading to connections to restricted origins from inside WebWorkers...
SUSE-SU-2023:0127-1 Security update for rubygem-websocket-extensions
This update for rubygem-websocket-extensions fixes the following issues: - CVE-2020-7663: Fixed an excessive resource consumption when parsing crafted message headers sent by an attacker (bsc1172445)...
MGASA-2023-0018 Updated firefox packages fix security vulnerability
A vulnerability was found in NSS. The NSS client auth crashes without a user certificate in the database, leading to a segmentation fault or crash (CVE-2022-3479). An out of date library libusrsctp contained vulnerabilities that could potentially be exploited (CVE-2022-46871). By confusing the browse...
Oracle Linux 7 : firefox (ELSA-2023-0296)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0296 advisory. 102.7.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs....
USN-5816-1 firefox vulnerabilities
Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploit this to obtain sensitive information. CVE-2023-23597 Tom...
PT-2023-12449 · Unknown · Onlyoffice
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE all versions as of 2021-11-08 Description: The issue is related to Incorrect Access Control, allowing an attacker to authenticate with the web socket service of the ONLYOFFICE document editor. This service is protected by JWT auth,...
ONLYOFFICE Authorization Issue Vulnerability
Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in all versions of ONLYOFFICE prior to 2021-11-08 that stems from being affected by incorrect access control. An attacker can use the default JWT signature key to authenticate to the Web...
CVE-2021-43445
ONLYOFFICE WebSocket authentication can be bypassed due to a default JWT signing key, affecting all versions up to 2021-11-08. The flaw is incorrect access control in the ONLYOFFICE document editor’s WebSocket service, allowing an unauthenticated attacker to gain privileged access by using the de...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5816-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5816-1 advisory. Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new...
CVE-2023-23602
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Debian DSA-5322-1 : firefox-esr - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5322 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox DataTransfer.setData...
Denial Of Service (DoS)
mercurius is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an application crash by sending a malformed packet over WebSocket to /graphql, resulting in Denial of Service...