[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15162 Download | Alert*

Mozilla Firefox 68, Mozilla Firefox ESR 60.8 and Mozilla Thunderbird 60.8: A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes.

Mozilla Firefox 68 : Activity Stream can display content from sent from the Snippet Service website. This content is written to <code>innerHTML</code> on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised.

Mozilla Firefox 68, Mozilla Firefox ESR 60.8 and Mozilla Thunderbird 60.8: When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure.

Mozilla Firefox 68 : Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering.

Mozilla Firefox 68 : The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion.

Mozilla Firefox 68 : A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension.

Mozilla Firefox 68 : Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks.

Mozilla Firefox 68 : When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections.

Mozilla Firefox 68 : A vulnerability exists where it possible to force Network Security Services (NSS) to sign <code>CertificateVerify</code> with PKCS#1 v1.5 signatures when those are the only ones advertised by server in <code>CertificateRequest</code> in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages.

Mozilla Firefox 68 : The HTTP Alternative Services header, <code>Alt-Svc</code>, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   1516

© SecPod Technologies