29 matches found
Astra Linux - уязвимость в thunderbird, firefox
A poorly handled security check during the creation of a WebSocket in a WebWorker caused the Content Security Policy’s connect-src header to be ignored. This could lead to connections being made to restricted origins from within WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102....
OESA-2024-2120 mozjs78 security update
SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. Security Fixes: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security...
OESA-2024-2057 mozjs78 security update
SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. Security Fixes: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security...
DEBIAN-CVE-2023-23602
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
Information disclosure
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Thunderbird 102.7, and Firefox ESR 102.7...
CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
CVE-2023-23602
CVE-2023-23602 describes a mishandled security check when creating a WebSocket in a WebWorker, causing the Content Security Policy connect-src header to be ignored. Affected products in the provided sources include Firefox (versions before 109), Firefox ESR (before 102.7), and Thunderbird (before...
CVE-2023-23602
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
Mageia: Security Advisory (MGASA-2023-0018)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2023-23602
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Oracle Linux 7 : thunderbird (ELSA-2023-0456)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0456 advisory. 102.7.1-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 102.7.1-1 - Update to...
Information Disclosure
firefox is vulnerable to Information Disclosure. A mishandled security check when creating a WebSocket in a WebWorker caused the content security Policy connect-src header to be ignored leading to connections to be restricted from inside WebWorkers...
Updated firefox packages fix security vulnerability
A vulnerability was found in NSS. The NSS client auth crashes without a user certificate in the database, leading to a segmentation fault or crash CVE-2022-3479. An out of date library libusrsctp contained vulnerabilities that could potentially be exploited CVE-2022-46871. By confusing the browse...
Oracle Linux 8 : firefox (ELSA-2023-0288)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0288 advisory. 102.7.0-1.0.1 - Updated homepages to use https Orabug: 34648274 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...