3796 matches found
Mozilla Thunderbird < 24.1 Multiple Vulnerabilities
Binary data 8046.prm...
SeaMonkey < 2.22 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.22 and is, therefore, potentially affected by the following vulnerabilities : - The implementation of Network Security Services NSS does not ensure that data structures are initialized, which could result in a denial of service or disclosure of...
Firefox < 25.0 Multiple Vulnerabilities
The installed version of Firefox is earlier than 25.0 and is, therefore, potentially affected by the following vulnerabilities : - The implementation of Network Security Services NSS does not ensure that data structures are initialized, which could result in a denial of service or disclosure of...
CVE-2013-5593
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct...
CVE-2013-5593
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct...
Hardcoded credentials
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct...
CVE-2013-5593
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct...
CVE-2013-5593
The CVE-2013-5593 issue affects Mozilla Firefox (and related Mozilla products) where the SELECT element’s handling of HTML in dropdowns did not properly restrict content, allowing remote attackers to spoof the address bar or perform clickjacking via navigation-redirect vectors. Affected products/...
Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2009-1)
Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking...
USN-2009-1: Firefox vulnerabilities
Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking...
Spoofing addressbar though SELECT element — Mozilla
Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks...
CVE-2013-5593
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct...
Admanager Plus Online Demo XSS / CSRF / Clickjacking
=============================================================================================== ADMANAGER PLUS ON-LINE DEMO Cross Site Scripting / Directory Listing / CSRF / ClickJacking UI redressing ===============================================================================================...
Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (20130930)
It was discovered that the Samba Web Administration Tool SWAT did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. CVE-2013-0213 A flaw was found in the...
CVE-2013-5523
The Sponsor Portal in Cisco Identity Services Engine ISE 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS"...
Cross site scripting
The Sponsor Portal in Cisco Identity Services Engine ISE 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS"...
CVE-2013-5523
The Sponsor Portal in Cisco Identity Services Engine ISE 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS"...
CVE-2013-5523
CVE-2013-5523 concerns the Sponsor Portal of Cisco Identity Services Engine (ISE) 1.2 and earlier, where insufficient protection of IFRAME elements allows cross-frame scripting (XFS) and clickjacking via a user‑directed attacker page. The root cause is inadequate HTML iframe protection in the Spo...
Cisco Identity Services Engine Sponsor Portal Cross-Frame Scripting Vulnerability
A vulnerability in the Sponsor Portal of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...
CVE-2013-3895
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."...