Lucene search
K

9802 matches found

Mozilla
Mozilla
added 2010/04/01 12:0 a.m.49 views

Re-use of freed object due to scope confusion — Mozilla

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its ol...

10CVSS0.5AI score0.05773EPSS
Exploits1References2Affected Software3
Prion
Prion
added 2010/03/25 9:0 p.m.20 views

Design/Logic Flaw

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...

10CVSS8AI score0.05773EPSS
Exploits1References24Affected Software1
Cvelist
Cvelist
added 2010/03/25 8:31 p.m.30 views

CVE-2010-1121

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...

9.5AI score0.05773EPSS
Exploits1References24
UbuntuCve
UbuntuCve
added 2010/03/25 12:0 a.m.31 views

CVE-2010-1121

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...

10CVSS7.5AI score0.05773EPSS
Exploits1References6
Mozilla
Mozilla
added 2010/03/23 12:0 a.m.32 views

XSS using addEventListener and setTimeout on a wrapped object — Mozilla

Mozilla security researcher mozbugra4 reports that by using an appropriately wrapped object it was possible to bypass the fix for MFSA 2007-19. Prior to Firefox 3.6 this gives an attacker the ability to perform cross-site scripting attacks against arbitrary sites as in the original MFSA 2007-19...

4.3CVSS1.3AI score0.01775EPSS
Exploits1References3Affected Software3
RedHat Linux
RedHat Linux
added 2010/03/17 1:4 p.m.4 views

Mozilla Browser engine crashes

The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to 1 the frame chain and synchronous events, 2 a SetMayHaveFrame assertion and...

10CVSS7.8AI score0.05414EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2010/03/16 12:0 a.m.43 views

Dojo Toolkit SDK 1.4.1 Cross Site Scripting

=========================================================== Multiple DOM-Based XSS in Dojo Toolkit SDK Public Release Date: 3/12/2010 Adam Bixby - Gotham Digital Science [email protected] Affected Software: Dojo Toolkit SDK = Build 1.4.1 Browser used for testing: IE8 8.0.7600.16385 Severity:...

7.4AI score
Exploits0
0day.today
0day.today
added 2010/03/16 12:0 a.m.43 views

Dojo Toolkit SDK v1.4.1 Cross Site Scripting Vulnerability

Exploit for unknown platform in category web applications ========================================================== Dojo Toolkit SDK v1.4.1 Cross Site Scripting Vulnerability ========================================================== ===========================================================...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.37 views

Debian DSA-1868-1 : kde4libs - several vulnerabilities

Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers...

9.3CVSS5.9AI score0.08462EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.35 views

Debian DSA-1950-1 : webkit - several vulnerabilities

Several vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute...

9.3CVSS6.1AI score0.09322EPSS
Exploits18References38
OSV
OSV
added 2010/02/02 12:0 a.m.49 views

DSA-1988-1 qt4-x11 - several vulnerabilities

Bulletin has no description...

9.3CVSS6.9AI score0.29098EPSS
Exploits9
OpenVAS
OpenVAS
added 2010/01/29 12:0 a.m.40 views

Mandriva Update for kdelibs4 MDVSA-2010:027 (kdelibs4)

Check for the Version of kdelibs4 OpenVAS Vulnerability Test Mandriva Update for kdelibs4 MDVSA-2010:027 kdelibs4 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

9.3CVSS0.3AI score0.28167EPSS
Exploits57References2
seebug.org
seebug.org
added 2010/01/22 12:0 a.m.39 views

Microsoft IE克隆DOM对象内存破坏漏洞(MS10-002)

BUGTRAQ ID: 37894 CVE ID: CVE-2010-0248 Internet Explorer是Windows操作系统中默认捆绑的web浏览器。 Internet Explorer在处理JavaScript中克隆DOM对象时存在内存破坏漏洞,特制的对象克隆序列可能导致使用已经释放的指针。攻击者可以通过构建特制的网页来利用该漏洞,当用户查看网页时,漏洞可能允许远程执行代码。 Microsoft Internet Explorer 8.0 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1...

9.3CVSS6.4AI score0.53085EPSS
Exploits6
securityvulns
securityvulns
added 2010/01/22 12:0 a.m.83 views

ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability

ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-014 January 21, 2010 -- CVE ID: CVE-2010-0248 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer --...

9.3CVSS0.9AI score0.53085EPSS
Exploits6
Check Point Advisories
Check Point Advisories
added 2010/01/21 12:0 a.m.3 views

Internet Explorer DOM Operations Handling Memory Corruption (MS10-002; CVE-2010-0247)

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To trigger this issue, an attacker may create a malicious web page that will...

9.3CVSS6.9AI score0.18499EPSS
Exploits1
Zero Day Initiative
Zero Day Initiative
added 2010/01/21 12:0 a.m.29 views

Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of cloned DOM object...

10CVSS3AI score0.53085EPSS
Exploits6References1
Fedora
Fedora
added 2009/12/24 8:37 p.m.21 views

[SECURITY] Fedora 12 Update: PyXML-0.8.4-17.fc12

An XML package for Python. The distribution contains a validating XML parser, an implementation of the SAX and DOM programming interfaces and an interface to the Expat parser...

4.7AI score
Exploits0
Fedora
Fedora
added 2009/12/18 4:36 a.m.32 views

[SECURITY] Fedora 12 Update: seamonkey-2.0.1-1.fc12

SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...

9.3CVSS2AI score0.04785EPSS
Exploits8
seebug.org
seebug.org
added 2009/12/04 12:0 a.m.42 views

Firefox Yoono扩展DOM事件处理器跨域脚本执行漏洞

BUGTRAQ ID: 37123 CVECAN ID: CVE-2009-4100 Yoono是一个简单易用的Firefox侧栏,允许用户方便的连接到Facebook、MySpace等社会网络和AIM等即时聊天工具。 Yoono在处理onLoad标签等DOM事件处理器时没有正确地过滤用户输入,用户受骗加载了恶意的RSS源就可能导致向用户浏览器中注入恶意脚本,并以chrome:权限执行。 Mozilla Yoono 6.1.1 厂商补丁: Mozilla ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...

9.3CVSS6.5AI score0.03871EPSS
Exploits1
securityvulns
securityvulns
added 2009/12/02 12:0 a.m.92 views

Vulnerability Note VU#261869

Vulnerability Note VU261869 Clientless SSL VPN products break web browser domain-based security models Overview Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or...

6.8CVSS6.6AI score0.05134EPSS
Exploits0
Rows per page
Query Builder