9803 matches found
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2010-34 Miscellaneous memory safety hazards rv:1.9.2.7/ 1.9.1.11 MFSA 2010-35 DOM attribute cloning remote code execution vulnerability MFSA 2010-36 Use-after-free error in NodeIterator MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code executi...
CVE-2010-2661
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations...
Design/Logic Flaw
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations...
CVE-2010-2661
Opera before 10.54 (Windows/Mac) and before 10.60 (Unix) does not properly restrict access to the full pathname of a file selected for upload, potentially exposing sensitive information via DOM manipulations. Affected components/versions include the described Opera releases; CVE-2010-2661 is the ...
Mozilla Products Multiple Vulnerabilities june-10 (Windows)
The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillaprdtsmultvulnwinjun10.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Multiple Vulnerabilities june-10 Windows Authors: Antu Sanadi...
File inputs can disclose the path to selected files – Opera Security Advisories
File inputs can disclose the path to selected files – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Less severe Description When a file is selected in a file upload input, the path to that file is not exposed through the input’s value property. This is done to protect any sensitiv...
File inputs can disclose the path to selected files
When a file is selected in a file upload input, the path to that file is not exposed through the input's value property. This is done to protect any sensitive information which may be contained in the directory names. When manipulated by DOM this information should also not be exposed. Certain DO...
Debian DSA-2064-1 : xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0183 'wushi' discovered that incorrect pointer handling in the frame processing code could...
Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:126)
Multiple vulnerabilities have been found and corrected in mozilla-thunderbird: Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 20...
[SECURITY] Fedora 13 Update: seamonkey-2.0.5-1.fc13
SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...
Integer overflow
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a...
CVE-2010-1196
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a...
CVE-2010-1196
CVE-2010-1196 is a heap-based buffer overflow triggered by an integer overflow in nsGenericDOMDataNode::SetTextInternal. Affected products include Mozilla Firefox 3.5.x before 3.5.10, Firefox 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5, allowing remote code execution ...
firefox: arbitrary code execution via memory corruption
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...
Mozilla Products Frame Comment Objects Manipulation Memory Corruption (CVE-2006-6504)
There exists a memory corruption vulnerability in Mozilla Foundation's family of browser products. The flaw exists in specific dynamic manipulations of external Document Object Model (DOM) objects, specifically comment objects, using scripting techniques. A remote attacker can exploit this...
Yahoo! Mail Cross Site Scripting
Title: Yahoo mail Dom Based Cross Site Scripting Author: Pratul Agrawal Date: 13/06/2010 Indian Hacker Service: Webmail Vendor: Yahoo mail, and possibly others Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks Severity: High Tested on: Microsoft IE 7.0 Details: Yahoo mail filte...
CVE-2010-2300
Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation...
CVE-2010-2302
Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE:...