3796 matches found

Cvelist
added 2013/01/13 8:0 p.m. | 16 views

CVE-2013-0747

The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to...

AI score 9.2 | EPSS 0.02189
Exploits 1 | References 10

OpenVAS
added 2013/01/11 12:0 a.m. | 43 views

Ubuntu Update for firefox USN-1681-1

Check for the Version of firefox OpenVAS Vulnerability Test $Id: gbubuntuUSN16811.nasl 8526 2018-01-25 06:57:37Z teissa $ Ubuntu Update for firefox USN-1681-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...

CVSS 10 | AI score 1 | EPSS 0.73364
Exploits 30 | References 2

Ubuntu
added 2013/01/09 3:59 a.m. | 125 views

USN-1681-2: Thunderbird vulnerabilities

USN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Sewa...

CVSS 10 | AI score 9.3 | EPSS 0.73364
Exploits 30 | References 1

Tenable Nessus
added 2013/01/09 12:0 a.m. | 49 views

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2)

USN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memo...

CVSS 10 | AI score 9.3 | EPSS 0.73364
Exploits 30 | References 28

UbuntuCve
added 2013/01/09 12:0 a.m. | 22 views

CVE-2013-0747

The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to...

CVSS 6.8 | AI score 7.3 | EPSS 0.02189
Exploits 1 | References 4

Tenable Nessus
added 2013/01/09 12:0 a.m. | 63 views

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1681-1)

Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attack...

CVSS 10 | AI score 9.3 | EPSS 0.73364
Exploits 30 | References 28

Mozilla
added 2013/01/08 12:0 a.m. | 48 views

Event manipulation in plugin handler to bypass same-origin policy — Mozilla

Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy (SOP) restrictions. This can allow for clickjacking on malicious web pages...

CVSS 6.8 | AI score 6.1 | EPSS 0.02189
Exploits 1 | References 2 | Affected Software 5

Tenable Nessus
added 2013/01/08 12:0 a.m. | 99 views

GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)

The remote host is affected by the vulnerability described in GLSA-201301-01 Mozilla Products: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for...

CVSS 10 | AI score 7.7 | EPSS 0.87264
Exploits 350 | References 504

ThreatPost
added 2013/01/02 5:3 p.m. | 10 views

Chrome Clickjacking Vulnerability Could Expose User Information on Google, Amazon

An apparent clickjacking, or UI redress vulnerability, in Google’s Chrome web browser could make it possible for attackers to glean users’ e-mail addresses, their first and last names and other information according to recent work done by an Italian researcher. Luca De Fulgentis, who writes about...

AI score 6.6
Exploits 0 | References 3

securityvulns
added 2013/01/02 12:0 a.m. | 83 views

[SECURITY] [DSA 2591-1] mahara security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2591-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 27, 2012 http://www.debian.org/security/faq -...

CVSS 6.8 | AI score 2.1 | EPSS 0.02854
Exploits 0

Tenable Nessus
added 2012/12/28 12:0 a.m. | 30 views

Debian DSA-2591-1 : mahara - several vulnerabilities

Multiple security issues have been found in Mahara, an electronic portfolio, weblog, and resume builder, which can result in cross-site scripting, clickjacking or arbitrary file execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

CVSS 9.1 | AI score 8.2 | EPSS 0.02854
Exploits 0 | References 9

OSV
added 2012/12/27 12:0 a.m. | 18 views

DSA-2591-1 mahara - several

Bulletin has no description...

CVSS 9.1 | AI score 6.3 | EPSS 0.02854
Exploits 0

NVD
added 2012/12/05 11:57 a.m. | 17 views

CVE-2012-4609

The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVSS 4.3 | AI score 6.6 | EPSS 0.00958
Exploits 0 | References 1

Prion
added 2012/12/05 11:57 a.m. | 14 views

Code injection

The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVSS 4.3 | AI score 7.1 | EPSS 0.00958
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2012/12/05 11:0 a.m. | 11 views

CVE-2012-4609

The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

AI score 6.6 | EPSS 0.00958
Exploits 0 | References 1

CVE
added 2012/12/05 11:0 a.m. | 45 views

CVE-2012-4609

CVE-2012-4609 affects RSA NetWitness Informer web interface prior to version 2.0.5.6. The issue is a clickjacking vulnerability in the web interface that could be exploited via unspecified vectors to trick an authenticated user into executing actions. The ESA-2012-052 advisory and Red Hat/Securit...

CVSS 4.3 | AI score 6.8 | EPSS 0.00958
Exploits 0 | References 1 | Affected Software 1

NVD
added 2012/11/24 8:55 p.m. | 13 views

CVE-2012-2246

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php...

CVSS 6.8 | AI score 9.3 | EPSS 0.01338
Exploits 0 | References 4

UbuntuCve
added 2012/11/24 8:55 p.m. | 17 views

CVE-2012-2246

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php...

CVSS 6.8 | AI score 6 | EPSS 0.01338
Exploits 0 | References 4

Prion
added 2012/11/24 8:55 p.m. | 15 views

Cross site request forgery (csrf)

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php...

CVSS 6.8 | AI score 7.3 | EPSS 0.01338
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2012/11/24 8:0 p.m. | 21 views

CVE-2012-2246

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php...

AI score 9.3 | EPSS 0.01338
Exploits 0 | References 4