An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.Īn issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Firefox MLoadTypedArrayElementHole, an incorrect AliasSet was used. This could have been leveraged to execute arbitrary code. Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |