CVE-2022-22759 An iframe with sandboxed scripts wouldn't allow scripts if a document append element has a JavaScript event handler.
An iframe can have an event handler that runs scripts on the iframe's parent. The event can be prevented from running by blocking
CVE-2022-36315 Subresource Integrity protects against script reuse when an injection attack occurs.
If the integrity service is enabled for a script, it can be triggered by injecting a fake script that appears to come from a trusted
CVE-2022-29914 Reusing existing popups could have allowed for browser spoofing attacks.
Thunderbird and Firefox are not vulnerable if they are using the --force-fullscreen command line argument. All versions of the browser are vulnerable to clickjacking if
CVE-2022-22743 An attacker-controlled tab could make the browser unable to leave fullscreen mode.
Firefox users that are relying on Google Chrome or Microsoft Edge to view sites that have been changed to require full-screen mode are advised to
CVE-2022-43548 An OS command injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed due to IsIPAddress not properly checking if an IP address is invalid.
The issue can be exploited by an attacker via a remote code execution attack. The vulnerability can be exploited by an attacker to execute arbitrary
Episode
00:00:00
00:00:00