CVE-2020-15654
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to...
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary...
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This...
A Unicode RTL order character in the downloaded file name can be used to change the file’s name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS...
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android....
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actual files picked. *Note: This issue only affected Firefox for Android....
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. Date published :...
A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects...
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn’t escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a...
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. Date published : 2020-08-10 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json https://gitlab.com/gitlab-org/gitlab/-/issues/209096
In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. Date published : 2020-08-10 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13294.json https://gitlab.com/gitlab-org/gitlab/-/issues/26147
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. Date published : 2020-08-10 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13293.json https://gitlab.com/gitlab-org/gitlab/-/issues/202690
In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. Date published : 2020-08-10 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13292.json https://gitlab.com/gitlab-org/gitlab/-/issues/228629
flatCore before 1.5.7 allows upload and execution of a .php file by an admin. Date published : 2020-08-09 https://lists.openwall.net/full-disclosure/2020/08/07/1 https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-flatcore-cms/