CVE-2022-32308

Опубликовано: 13 июл. 2022

Источник: debian

Описание

Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ublock-origin	fixed	1.42.0+dfsg-1		package
ublock-origin	fixed	1.42.0+dfsg-1~deb11u1	bullseye	package
ublock-origin	fixed	1.42.0+dfsg-1~deb10u1	buster	package

Примечания

https://github.com/uBlockOrigin/uBlock-issues/issues/1992
https://github.com/gorhill/uBlock/commit/e1e2ba3d5d00112f74464ddcc9f561f065dd3623 (1.41.5b2)
https://github.com/gorhill/uBlock/commit/60072e7996e58cd7cca5186fde742d83cc6a612c (1.41.7b0)

Связанные уязвимости

CVE-2022-32308

CVSS3: 6.1

ubuntu

больше 3 лет назад

Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process.

CVE-2022-32308

CVSS3: 6.1

nvd

больше 3 лет назад

Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process.

GHSA-756h-ggr3-6vcj

CVSS3: 6.1

github

больше 3 лет назад

Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process.