3797 matches found
Apple iOS Webkit Clickjacking Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. An unspecified clickjacking vulnerability exists in Apple iOS Webkit, which allows attackers to exploit the vulnerability to construct malicious URIs, trick users into parsing them, and redirect user...
GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201504-01 Mozilla Products: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker...
Mozilla Products: Multiple vulnerabilities
Background Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla...
Coinbase: Sandboxed iframes don't show confirmation screen
Just like I anticipated in 2013 http://homakov.blogspot.com/2013/04/html5-sandbox-bad-idea.html sandbox was a bad idea. As a payment gateway you do your best to seamlessly integrate with your customers and allow showing checkout in iframes. To prevent basic clickjacking you have data-confirm...
Mozilla Firefox Hijacking Attack Vulnerability
Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. A hijacking attack vulnerability exists in versions of Mozilla Firefox prior to 37.0, which can be exploited by remote attackers to construct malicious HTML pages, trick users into...
CVE-2015-0810
Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element...
Design/Logic Flaw
Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element...
CVE-2015-0810
Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element...
CVE-2015-0810
Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element...
CVE-2015-0810
CVE-2015-0810 affects Mozilla Firefox on macOS prior to version 37.0. The vulnerability arises when Firefox does not ensure the cursor is visible, enabling remote attackers to perform clickjacking via a Flash object in combination with layered DIV elements and crafted JavaScript that interacts wi...
FreeBSD : mozilla -- multiple vulnerabilities (d0c97697-df2c-4b8b-bff2-cec24dc35af8)
The Mozilla Project reports : MFSA-2015-30 Miscellaneous memory safety hazards rv:37.0 / rv:31.6 MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack MFSA-2015-33 resource:// documents can...
Firefox < 37.0 Multiple Vulnerabilities (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is prior to 37.0. It is, therefore, affected by the following vulnerabilities : - A privilege escalation vulnerability exists which relates to anchor navigation. A remote attacker can exploit this to bypass same-origin policy protection...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA-2015-30 Miscellaneous memory safety hazards rv:37.0 / rv:31.6 MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack MFSA-2015-33 resource:// documents can...
Cursor clickjacking with flash and images — Mozilla
Security researcher Jordi Chancel reported a mechanism that made cursor invisible through flash content and then replaced it through the layering of HTML content. This flaw can be in used in combination with an image of the cursor manipulated through JavaScript, leading to clickjacking during...
Websense TRITON AP-EMAIL Clickjacking Vulnerability
Websense TRITON is a unified content architecture to protect data security. A clickjacking vulnerability exists in Websense TRITON AP-EMAIL, which allows attackers to construct malicious URIs, trick users into parsing them, and spoof user communications...
CVE-2015-2765
The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
Code injection
The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
CVE-2015-2765
The CVE-2015-2765 entry describes a clickjacking flaw in the Email Security Gateway component of Websense TRITON AP-EMAIL prior to version 8.0.0. The root cause is unspecified in the provided text beyond the class of vulnerability (clickjacking), and there are no concrete exploit details in the c...
CVE-2015-2765
The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
Chamilo LCMS Connect 4.1 Clickjacking
Hi Team, Affected Vendor: http://lcms.chamilo.org/ Date: 27/03/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Clickjacking Tested on: Windows 7 Product: LCMS Connect Version: 4.1 Description: Chamilo is an open-source under GNU/GPL licensing e-learning and content management...