Total
62 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38082 | 1 Microsoft | 2 Edge, Edge Chromium | 2024-08-07 | 4.7 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2007-6591 | 1 Kde | 1 Konqueror | 2024-08-07 | N/A |
| KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. | ||||
| CVE-2014-7899 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
| Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. | ||||
| CVE-2016-9473 | 1 Brave | 1 Browser | 2024-08-06 | 4.7 Medium |
| Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names. | ||||
| CVE-2016-9468 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-08-06 | N/A |
| Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. | ||||
| CVE-2016-9467 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-08-06 | N/A |
| Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. | ||||
| CVE-2016-9460 | 2 Nextcloud, Owncloud | 2 Nextcloud, Owncloud | 2024-08-06 | N/A |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. | ||||
| CVE-2017-0888 | 1 Nextcloud | 2 Nextcloud, Nextcloud Server | 2024-08-05 | 4.3 Medium |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information. | ||||
| CVE-2018-18509 | 2 Mozilla, Redhat | 2 Thunderbird, Enterprise Linux | 2024-08-05 | N/A |
| A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1. | ||||
| CVE-2018-12381 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-08-05 | N/A |
| Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.*. This vulnerability affects Firefox ESR < 60.2 and Firefox < 62. | ||||
| CVE-2018-12382 | 2 Google, Mozilla | 2 Android, Firefox | 2024-08-05 | N/A |
| The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android < 62.* | ||||
| CVE-2018-5174 | 2 Microsoft, Mozilla | 5 Windows 10, Firefox, Firefox Esr and 2 more | 2024-08-05 | N/A |
| In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | ||||
| CVE-2018-5165 | 1 Mozilla | 1 Firefox | 2024-08-05 | 5.3 Medium |
| In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60. | ||||
| CVE-2018-5173 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-08-05 | N/A |
| The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, correct filename and whether it is executable or not. This vulnerability affects Firefox < 60. | ||||
| CVE-2018-5117 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-08-05 | N/A |
| If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | ||||
| CVE-2019-11754 | 1 Mozilla | 1 Firefox | 2024-08-04 | 4.3 Medium |
| When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox < 69.0.1. | ||||
| CVE-2019-6109 | 9 Canonical, Debian, Fedoraproject and 6 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2024-08-04 | 6.8 Medium |
| An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. | ||||
| CVE-2019-6110 | 4 Netapp, Openbsd, Siemens and 1 more | 9 Element Software, Ontap Select Deploy, Storage Automation Store and 6 more | 2024-08-04 | 6.8 Medium |
| In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. | ||||
| CVE-2020-26953 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2024-08-04 | 4.3 Medium |
| It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | ||||
| CVE-2020-15665 | 1 Mozilla | 1 Firefox | 2024-08-04 | 4.3 Medium |
| Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80. | ||||