Day: Haziran 2, 2023

CVE-2023-1297

Consul and Consul Enterprise’s cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could…

Devamını oku

CVE-2023-25737

An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR…

Devamını oku

CVE-2023-25735

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after…

Devamını oku

CVE-2023-25734

After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from…

Devamını oku

CVE-2023-25732

When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of…

Devamını oku

CVE-2023-25730

A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or…

Devamını oku

CVE-2023-25729

Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This…

Devamını oku

CVE-2023-25728

The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe’s unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects…

Devamını oku