19 matches found
Temporal UI State Inconsistency in Desktop GUI Agents: Formalizing and Defending against TOCTOU Attacks on Computer-Use Agents
GUI agents that control desktop computers via screenshot-and-click loops introduce a new class of vulnerability: the observation-to-action gap (mean 6.51 s on real OSWorld workloads) creates a Time-Of-Check, Time-Of-Use (TOCTOU) window during which an unprivileged attacker can manipulate the UI state...
EUVD-2021-14832
Malware in sbrugna...
Mozilla: Permission prompt input delay could expire when not in focus
The Mozilla Foundation Security Advisory describes this flaw as: The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites...
Mozilla: Permission prompt input delay could expire when not in focus
The Mozilla Foundation Security Advisory describes this flaw as: The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites...
Mozilla: Permission prompt input delay could expire when not in focus
The Mozilla Foundation Security Advisory describes this flaw as: The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites...
Mozilla: Permission prompt input delay could expire when not in focus
The Mozilla Foundation Security Advisory describes this flaw as: The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites...
Mozilla: Permission prompt input delay could expire when not in focus
The Mozilla Foundation Security Advisory describes this flaw as: The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites...
CVE-2024-2609
The Mozilla Foundation Security Advisory describes this flaw as: The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites...
Mozilla: Permission prompt input delay could expire when not in focus
The Mozilla Foundation Security Advisory describes this flaw as: The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites...
CVE-2024-2609
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox 124, Firefox ESR 115.10, and Thunderbird 115.10...
CVE-2024-2609
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox 124, Firefox ESR 115.10, and Thunderbird 115.10...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a clickjacking vulnerability caused by an error that occurs when the permission prompt input delay may have expired while the window is not in focus. An attacke...
Scientific Linux Security Update : GNOME Shell on SL7.x x86_64 (20150305)
It was found that the GNOME shell did not disable the Print Screen key when the screen was locked. This could allow an attacker with physical access to a system with a locked screen to crash the screen-locking application by creating a large number of screenshots. (CVE-2014-7300) This update also...
Low: Red Hat Security Advisory: GNOME Shell security, bug fix, and enhancement update
Updated gnome-shell, mutter, clutter, and cogl packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) bas...
Opera < 12 Multiple Vulnerabilities
The version of Opera installed on the remote host is prior to 12.00. It is, therefore, affected by multiple vulnerabilities: - An error exists that can allow the address bar to display incorrect locations due to certain combinations of navigation, reloads and redirects, which can aid in phishing...
CVE-2008-0591
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 do not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka...
Design/Logic Flaw
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 do not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka...
CVE-2008-0591
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 do not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka...
File action dialog tampering — Mozilla
Security researcher Michal Zalewski demonstrated that timer-enabled security dialogs can be subverted by attackers using JavaScript to change the window focus. Zalewski showed that a user could be tricked into confirming a security dialog of this type by bringing the dialog back into focus right...