Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ubuntu 'unity-firefox-extension' Package 跨域信息泄露漏洞
Vulnerability Description
Mozilla Firefox是美国Mozilla基金会开发的一款开源Web浏览器。 Firefox中的unity-firefox-extension扩展2.4.1版本中的content/unity-api.js中存在漏洞,该漏洞源于程序在API调用过程中泄露了‘toDataURL’函数。通过特制的网页,远程攻击者利用该漏洞绕过同源策略进而获得敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A