CVE-2023-6210: When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure…

[MEDIUM] Firefox regressions Title: Firefox regressions Summary: USN-6509-1 caused some minor regressions in Firefox. USN-6509-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213) It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitiv

CVE-2023-6207 [MEDIUM] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213) It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. (CVE-2023-6204) It discovered that Firefox incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit this issue to cause a denial of ser

CVE-2023-6210 [MEDIUM] CVE-2023-6210: firefox - When an https: web page created a pop-up from a "javascript:" URL, that pop-up w... When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120. Scope: local sid: resolved (fixed in 120.0-1)

CVE-2023-6210 [MEDIUM] Mozilla Foundation Security Advisory 2023-49: CVE-2023-6210 Mozilla Foundation Security Advisory 2023-49 CVE: CVE-2023-6210 Product: Firefox Impact: high Fixed in: Firefox 120

CVE-2023-6206 [MEDIUM] firefox regressions firefox regressions USN-6509-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213) It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. (CVE-2023-6204) It discovered that Firefox incorrectly

CVE-2023-6206 [MEDIUM] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213) It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. (CVE-2023-6204) It discovered that Firefox incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2023-6205) It discovered that Firefox incorrectly di

CVE-2023-6210 [MEDIUM] CVE-2023-6210: When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.

CVE-2023-6210 [MEDIUM] GHSA-7mpv-6jjp-xm5c: When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.

Mixed content bypass using window.open'd about:blank from http context and https iframe Mixed content bypass using window.open'd about:blank from http context and https iframe Created attachment 9304259 index.html Browser used: Firefox's latest version Hi Team, I Just Read a disclosed Chrome Report and Seems the Same Bug affecting Firefox's Latest Version. https://bugs.chromium.org/p/chromium/issues/detail?id=957002 (It is possible to Frame HTTP Site from HTTPS which is not allowed and it will throw a "Mixed Content" error) Steps to Reproduce, 1 . To demonstrate the issue, you will need 2 Websites. One with HTTP and another with HTTPS. 2. From HTTPS, You need to Open a Javascript URI with `var newWin = window.open("javascript:''","_blank");` 3. Then Call InnerHTML on `newWin` with iframe.src as HTTP Site, `newWin.document.body.innerHTML = ""` I have added the PoC URL a