rpm package
suse/MozillaFirefox&distro=SUSE Enterprise Storage 6
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%206
Vulnerabilities (183)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-23969 | — | < 78.8.0-3.133.1 | 78.8.0-3.133.1 | Feb 26, 2021 | As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintent | ||
| CVE-2021-23973 | — | < 78.8.0-3.133.1 | 78.8.0-3.133.1 | Feb 26, 2021 | When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | ||
| CVE-2020-26976 | — | < 78.7.0-3.128.2 | 78.7.0-3.128.2 | Jan 7, 2021 | When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affe |
- CVE-2021-23969Feb 26, 2021affected < 78.8.0-3.133.1fixed 78.8.0-3.133.1
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintent
- CVE-2021-23973Feb 26, 2021affected < 78.8.0-3.133.1fixed 78.8.0-3.133.1
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
- CVE-2020-26976Jan 7, 2021affected < 78.7.0-3.128.2fixed 78.7.0-3.128.2
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affe
Page 10 of 10