#CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
Reporter Hanno Böck
Impact moderate
Description

#CVE-2024-0751: Privilege escalation through devtools
Reporter Rob Wu
Impact moderate
Description
A malicious devtools extension could have been used to escalate privileges.

#CVE-2024-0750: Potential permissions request bypass via clickjacking
Reporter Hafiizh
Impact moderate
Description
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.

#CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set
Reporter Seongil Wi
Impact moderate
Description
When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy.

#CVE-2024-0746: Crash when listing printers on Linux
Reporter Cornel Ionce
Impact moderate
Description
A Linux user opening the print preview dialog could have caused the browser to crash.

#CVE-2024-0742: Failure to update user input timestamp
Reporter Andrew McCreight
Impact high
Description
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load.

#CVE-2024-0741: Out of bounds write in ANGLE
Reporter Renan Rios
Impact high
Description
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash.

Updated Febru to remove CVE-2024-0749, which was inadvertently included in the original advisory.

Mozilla Foundation Security Advisory 2024-02
Security Vulnerabilities fixed in Firefox ESR 115.7
Announced Janu
Impact high
Products Firefox ESR
Fixed in