By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to lead to connections to restricted origins from inside WebWorkers.ĭESCRIPTION: Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by navigations being allowed when dragging a URL from a cross-origin iframe into the same tab. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.ĬVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)ĭESCRIPTION: Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to correctly apply Content Security Policy to WebSockets in WebWorkers. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to exfiltrate data from the browser.ĭESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine.
By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to allow arbitrary commands to be hidden within.ĬVSS Temporal Score: See: for the current score.ĬVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)ĭESCRIPTION: Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to account for external URLs by regular expressions used to filter out forbidden properties and values from style directives in calls to console.log.
DESCRIPTION: Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the improper validation of output when copying a network request from the developer tools panel as a curl command.
0 kommentar(er)
