|
250021
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
firefox_esr
|
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This acces…
|
NVD-CWE-Other
|
CVE-2024-9393
|
2024-10-31 02:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250022
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121.…
|
NVD-CWE-noinfo
|
CVE-2024-8388
|
2024-10-31 02:35 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250023
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
|
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130…
|
CWE-601
Open Redirect
|
CVE-2024-8386
|
2024-10-31 02:35 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250024
|
8.8 |
HIGH
Network
|
mozilla
|
firefox_esr
firefox
|
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to…
|
NVD-CWE-noinfo
|
CVE-2024-8382
|
2024-10-31 02:35 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250025
|
7.5 |
HIGH
Network
|
mozilla
|
firefox_esr
firefox
|
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-re…
|
NVD-CWE-noinfo
|
CVE-2024-8383
|
2024-10-31 02:35 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250026
|
4.3 |
MEDIUM
Network
|
apple
|
ipados
iphone_os
watchos
visionos
tvos
safari
macos
|
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Proces…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-44244
|
2024-10-31 02:31 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250027
|
5.5 |
MEDIUM
Local
|
apple
|
macos
iphone_os
ipados
watchos
visionos
tvos
|
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ven…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-44239
|
2024-10-31 02:30 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250028
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to unexpect…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-44236
|
2024-10-31 02:28 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250029
|
3.3 |
LOW
Local
|
apple
|
macos
|
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to read sensitive location information.
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-44222
|
2024-10-31 02:25 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250030
|
7.8 |
HIGH
Local
|
apple
|
iphone_os
ipados
macos
|
This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. Processing a maliciously crafted file may lead to he…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-44218
|
2024-10-31 02:24 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
