Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an authentication token used to takeover a user account. If a website tricked a user into copy and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was fixed by making the action return the original URL, before any redirects. This vulnerability affects Firefox < 94.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox 输入验证错误漏洞
Vulnerability Description
Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 存在输入验证错误漏洞,该漏洞通过嵌入一个触发身份验证流的图像,图像URL可以包含一个用于接管用户帐户的身份验证令牌。攻击者通过某个网站欺骗用户复制粘贴图像链接到页面中,该页面将能够窃取认证标记。
CVSS Information
N/A
Vulnerability Type
N/A