漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Zen: Context-menu "Open link in glance" / "Split link in new tab" loads a page-controlled link with the System principal, bypassing the web-content scheme restriction
Vulnerability Description
Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link to a file URL that can load with System privileges when opened through either context-menu item and bypass the content-to-file security check that blocks an ordinary click. This issue is fixed in version 1.21.5b.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
Vulnerability Type
特权授予不正确
Vulnerability Title
Zen 权限许可和访问控制问题漏洞
Vulnerability Description
Zen Zen是Zen团队的一款集成服务器与网络功能的设备。 Zen 1.21.5b之前版本存在权限许可和访问控制问题漏洞,该漏洞源于glance和split-view上下文菜单操作中,使用System权限加载页面控制的链接URL,可能导致恶意网页通过链接绕过内容到文件的安全检查。
CVSS Information
N/A
Vulnerability Type
N/A