Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
Vulnerability Description
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla多款产品 安全漏洞
Vulnerability Description
Mozilla Firefox等都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。 Mozilla多款产品存在安全漏洞,该漏洞源于文件类型伪装。以下产品及版本受到影响:Firefox 136之前版本、Firefox ESR 128.8之前版本、Thund
CVSS Information
N/A
Vulnerability Type
N/A