CVE-2023-21794 - Microsoft Edge (Chromium-based) Spoofing Vulnerability - How it Works and Exploit Details
---
When we talk about online safety, browsers are your biggest frontline defense. But what if that shield has a crack? That’s exactly what
CVE-2022-31744 CSS injected via internal URIs could bypass a page's Content Security Policy.
The attacker would need to host a malicious stylesheet on a malicious server—for example, if they have compromised the same server. In cases where
CVE-2022-29916 Firefox treats CSS variables differently when they are already known resources. This could be used to probe the browser history.
By default, CSS variables are not supported in Firefox. The only way to enable them is to add a userContent preference. This preference is enabled
CVE-2022-45418 If a custom mouse cursor is specified in CSS, it could be drawn over the browser UI, resulting in user confusion or spoofing attacks.
To protect against this threat, the Firefox 108 default theme has been updated to ensure that the cursor is drawn outside of the browser UI.
CVE-2022-26382 - How Firefox’s Autofill Tooltips Could Reveal Your Data via Font Attacks
Modern browsers are packed with features to help users, but sometimes these tools can accidentally expose our sensitive information. That's what happened with