3/15/2023 0 Comments Firefox focus privacy browser![]() Tracked as CVE-2023-25735, the issue would trigger a use-after-free after the unwrapping of the proxy, Mozilla says. Mozilla also resolved a vulnerability in SpiderMonkey (CVE-2023-25735) that could result in cross-compartment wrappers causing the storing of objects from other compartments in the main compartment when wrapping a scripted proxy. The browser maker also resolved an issue in Firefox Focus, where fullscreen notifications would not be shown, thus potentially allowing malicious websites to spoof the browser chrome (CVE-2023-25743).Īnother issue resolved this week can allow an attacker to craft a PKCS 12 certificate bundle so that it would allow for arbitrary memory writes via mishandling of PKCS 12 SafeBag attributes (CVE-2023-0767). Successful exploitation of the vulnerability, Mozilla explains in its advisory, could result in potential user confusion or spoofing attacks. Tracked as CVE-2023-25730, the issue exists because a background script could invoke the fullscreen mode and then block the main thread to force the mode indefinitely. ![]() ![]() The latest Firefox releases also resolve a flaw related to screen hijacking via browser fullscreen mode. Tracked as CVE-2023-25728, the first of the security defects could result in an attacker being able to leak a child iframe’s unredacted URI, provided that a redirect is triggered when interacting with that iframe. Mozilla this week announced the release of Firefox 110 and Firefox ESR 102.8 with patches for 10 high-severity vulnerabilities. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |