91 matches found
CVE-2022-28873
A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit JavaScript window.open functionality in SAFE Browser, which could lead to address bar spoofing attacks...
CVE-2022-28873
CVE-2022-28873 describes a vulnerability in the F-Secure SAFE browser where an attacker could abuse the JavaScript window.open functionality to perform an address bar spoofing attack. The NVD entry lists a CVSS v3.1 base score of 4.3 (Medium) with attack vector Network, no privileges, user intera...
CVE-2021-44683
The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function used to open a secondary browser window. This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would...
Design/Logic Flaw
The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function used to open a secondary browser window. This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would...
CVE-2021-44683
The CVE-2021-44683 entry concerns the DuckDuckGo browser on iOS (version 7.64.4). The issue is a spoofing vulnerability caused by mishandling of the JavaScript window.open function, which can allow an attacker to show a legitimate-looking URL in the address bar while serving content from the atta...
CVE-2021-38497
Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...
Mozilla Firefox Access Control Error Vulnerability (CNVD-2021-90094)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox. The vulnerability stems from the fact that plain text validation messages may be overwritten on another source through the use of the reportValidi...
Spoofing Attacks
Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks...
CVE-2020-4075
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling event.preventDefault on all new-window events where the url or options is not...
CVE-2020-4075
Summary: CVE-2020-4075 affects Electron before 7.2.4, 8.2.4, and 9.0.0-beta21, allowing arbitrary local file read by defining unsafe window options on a child window opened with window.open. Root cause: unsafe window options on child windows. Impact: local file read via manipulated window options...
Spoofable Address Bar
Mozilla Firefox is vulnerable to Spoofable Address Bar. A flaw was found in the way Firefox displays the address bar when window.open is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site...
CVE-2018-12016
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls...