CVSS评分在区间 [4,6.9] 的搜索结果 (47807)

CVE-2018-5100(发布:2018-06-11 17:29:12)NM
CVSS5.0

[原文]A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.

CVE-2018-5101(发布:2018-06-11 17:29:12)NM
CVSS5.0

[原文]A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.

CVE-2017-7842(发布:2018-06-11 17:29:11)NMP
CVSS5.0

[原文]If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57.

CVE-2017-7837(发布:2018-06-11 17:29:11)NMP
CVSS5.0

[原文]SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57.

CVE-2017-7838(发布:2018-06-11 17:29:11)NMP
CVSS5.0

[原文]Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability affects Firefox < 57.

CVE-2017-7839(发布:2018-06-11 17:29:11)NMP
CVSS4.3

[原文]Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox < 57.

首页上一页345678910下一页尾页 第5页 / 共7968页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站