[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

111017

 
 

909

 
 

86402

 
 

136

 
 
Paid content will be excluded from the download.

Filter
Matches : 8507 Download | Alert*

Mozilla Firefox before 57.0 :- The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode.

Mozilla Firefox before 57.0 :- Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode.

Mozilla Firefox before 57.0 :- A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks.

Mozilla Firefox before 57.0 :- Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page.

Mozilla Firefox before 57.0 :- SVG loaded through img tags can use meta tags within the SVG data to set cookies for that page.

Mozilla Firefox before 57.0 :- Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion.

Mozilla Firefox before 57.0 :- Control characters prepended before javascript: URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar.

Mozilla Firefox before 57.0 :- JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to b ...

Mozilla Firefox before 57.0 :- If a documents Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for link elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests.

Mozilla Firefox before 57.0 :- The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   850

© SecPod Technologies