CVE-2022-45418 If a custom mouse cursor is specified in CSS, it could be drawn over the browser UI, resulting in user confusion or spoofing attacks.
To protect against this threat, the Firefox 108 default theme has been updated to ensure that the cursor is drawn outside of the browser UI.
CVE-2022-29916 Firefox treats CSS variables differently when they are already known resources. This could be used to probe the browser history.
By default, CSS variables are not supported in Firefox. The only way to enable them is to add a userContent preference. This preference is enabled
CVE-2022-31744 CSS injected via internal URIs could bypass a page's Content Security Policy.
The attacker would need to host a malicious stylesheet on a malicious server—for example, if they have compromised the same server. In cases where
CVE-2022-4176 An out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker to exploit heap corruption via UI interactions.
This issue was fixed in version 9.5.5.5. The issue existed due to a race condition where the out of bounds write could
CVE-2022-44071 Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile.
An attacker can trick a user into entering malicious code into the profile form via XSS. XSS is a type of malicious code that can
Episode
00:00:00
00:00:00