Lucene search
K

9803 matches found

FreeBSD
FreeBSD
added 2010/07/20 12:0 a.m.43 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2010-34 Miscellaneous memory safety hazards rv:1.9.2.7/ 1.9.1.11 MFSA 2010-35 DOM attribute cloning remote code execution vulnerability MFSA 2010-36 Use-after-free error in NodeIterator MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code executi...

9.8CVSS10.4AI score0.43382EPSS
Exploits27References14
NVD
NVD
added 2010/07/08 12:54 p.m.19 views

CVE-2010-2661

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations...

4.3CVSS7.4AI score0.02272EPSS
Exploits0References9
Prion
Prion
added 2010/07/08 12:54 p.m.15 views

Design/Logic Flaw

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations...

4.3CVSS6.7AI score0.02272EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2010/07/07 6:0 p.m.25 views

CVE-2010-2661

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations...

7.4AI score0.02272EPSS
Exploits0References9
CVE
CVE
added 2010/07/07 6:0 p.m.51 views

CVE-2010-2661

Opera before 10.54 (Windows/Mac) and before 10.60 (Unix) does not properly restrict access to the full pathname of a file selected for upload, potentially exposing sensitive information via DOM manipulations. Affected components/versions include the described Opera releases; CVE-2010-2661 is the ...

4.3CVSS7.3AI score0.02272EPSS
Exploits0References9Affected Software1
OpenVAS
OpenVAS
added 2010/07/01 12:0 a.m.44 views

Mozilla Products Multiple Vulnerabilities june-10 (Windows)

The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillaprdtsmultvulnwinjun10.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Multiple Vulnerabilities june-10 Windows Authors: Antu Sanadi...

9.3CVSS0.4AI score0.11418EPSS
Exploits5References3
Opera Security Advisories
Opera Security Advisories
added 2010/06/29 12:0 a.m.7 views

File inputs can disclose the path to selected files – Opera Security Advisories

File inputs can disclose the path to selected files – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Less severe Description When a file is selected in a file upload input, the path to that file is not exposed through the input’s value property. This is done to protect any sensitiv...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2010/06/29 12:0 a.m.15 views

File inputs can disclose the path to selected files

When a file is selected in a file upload input, the path to that file is not exposed through the input's value property. This is done to protect any sensitive information which may be contained in the directory names. When manipulated by DOM this information should also not be exposed. Certain DO...

0.9AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2010/06/29 12:0 a.m.62 views

Debian DSA-2064-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0183 'wushi' discovered that incorrect pointer handling in the frame processing code could...

9.3CVSS8.9AI score0.11418EPSS
Exploits6References17
Tenable Nessus
Tenable Nessus
added 2010/06/25 12:0 a.m.248 views

Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:126)

Multiple vulnerabilities has been found and corrected in mozilla-thunderbird : Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 20...

10CVSS9.2AI score0.11418EPSS
Exploits6References6
Fedora
Fedora
added 2010/06/24 4:34 p.m.37 views

[SECURITY] Fedora 13 Update: seamonkey-2.0.5-1.fc13

SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...

10CVSS2AI score0.11418EPSS
Exploits8
Prion
Prion
added 2010/06/24 12:30 p.m.29 views

Integer overflow

Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a...

9.3CVSS8.5AI score0.04879EPSS
Exploits0References27Affected Software3
UbuntuCve
UbuntuCve
added 2010/06/24 12:0 a.m.41 views

CVE-2010-1196

Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a...

9.3CVSS7.6AI score0.04879EPSS
Exploits0References4
CVE
CVE
added 2010/06/23 6:0 p.m.132 views

CVE-2010-1196

CVE-2010-1196 is a heap-based buffer overflow triggered by an integer overflow in nsGenericDOMDataNode::SetTextInternal. Affected products include Mozilla Firefox 3.5.x before 3.5.10, Firefox 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5, allowing remote code execution ...

9.3CVSS9.6AI score0.04879EPSS
Exploits0References27Affected Software1
RedHat Linux
RedHat Linux
added 2010/06/22 10:29 p.m.9 views

firefox: arbitrary code execution via memory corruption

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...

10CVSS7.7AI score0.05773EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2010/06/22 9:57 p.m.5 views

firefox: arbitrary code execution via memory corruption

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...

10CVSS7.7AI score0.05773EPSS
Exploits1References4
Check Point Advisories
Check Point Advisories
added 2010/06/21 12:0 a.m.4 views

Mozilla Products Frame Comment Objects Manipulation Memory Corruption (CVE-2006-6504)

There exists a memory corruption vulnerability in Mozilla Foundation's family of browser products. The flaw exists in specific dynamic manipulations of external Document Object Model DOM objects, specifically comment objects, using scripting techniques. A remote attacker can exploit this...

9.3CVSS7.3AI score0.08604EPSS
Exploits0
Packet Storm
Packet Storm
added 2010/06/16 12:0 a.m.28 views

Yahoo! Mail Cross Site Scripting

Title: Yahoo mail Dom Based Cross Site Scripting Author: Pratul Agrawal Date: 13/06/2010 Indian Hacker Service: Webmail Vendor: Yahoo mail, and possibly others Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks Severity: High Tested on: Microsoft IE 7.0 Details: Yahoo mail filte...

0.1AI score
Exploits0
NVD
NVD
added 2010/06/15 6:0 p.m.17 views

CVE-2010-2300

Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via vectors related to handlers for DOM mutation...

10CVSS8.7AI score0.08919EPSS
Exploits0References7
NVD
NVD
added 2010/06/15 6:0 p.m.31 views

CVE-2010-2302

Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE:...

10CVSS8.8AI score0.02981EPSS
Exploits0References7
Rows per page
Query Builder