[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250039

 
 

909

 
 

195882

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 195144 Download | Alert*

The host is missing a security update according to Mozilla advisory, MFSA 2012-75. The update is required to fix a click-jacking attack and spoofing vulnerability. The flaws are present in the applications, which fail to properly handle SELECT elements. Successful exploitation could allow attackers to spoof page content or conduct click-jacking attacks.

Mozilla Firefox 95, Mozilla Firefox ESR 91.4, Mozilla Thunderbird 91.4 : It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.

Mozilla Firefox 95, Mozilla Firefox ESR 91.4, Mozilla Thunderbird 91.4 : Using the Location API in a loop could have caused severe application hangs and crashes.

Mozilla Firefox 95, Mozilla Firefox ESR 91.4 : When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks.

Mozilla Firefox 95, Mozilla Firefox ESR 91.4, Mozilla Thunderbird 91.4 : Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.

Mozilla Firefox 95, Mozilla Firefox ESR 91.4, Mozilla Thunderbird 91.4 : Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols.

Mozilla Firefox 95, Mozilla Firefox ESR 91.4, Mozilla Thunderbird 91.4 : When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped.

Mozilla Firefox 95, Mozilla Firefox ESR 91.4 : WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension.

Mozilla Firefox 95, Mozilla Firefox ESR 91.4, Mozilla Thunderbird 91.4 : Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash.

Mozilla Firefox 95, Mozilla Firefox ESR 91.4, Mozilla Thunderbird 91.4 : By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks.


Pages:      Start    8592    8593    8594    8595    8596    8597    8598    8599    8600    8601    8602    8603    8604    8605    ..   19514

© SecPod Technologies