9799 matches found
[SECURITY] Fedora 8 Update: seamonkey-1.1.7-1.fc8
SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...
[SECURITY] Fedora 7 Update: seamonkey-1.1.7-1.fc7
SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...
MS Internet Explorer 6 Table.Frameset NULL Dereference Vulnerability
No description provided by source. !-- http://browserfun.blogspot.com/ The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. This bug was found by Aviv Raff using the DOM-Hanoi fuzzer script. DOM-Hanoi works by building trees of ...
wirelessg-multi.txt
http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs The following vulns were found on 24 June 2007 and were tested against firmware V1.00.06. The specific persistent XSS holes mentioned in this advisory were fixed by Cisco on firmware versio...
Ubuntu 6.06 LTS : firefox vulnerabilities (USN-327-1)
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL. CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811,...
[SECURITY] Fedora 8 Update: seamonkey-1.1.5-2.fc8
SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...
security flaw
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client...
openSUSE 10 Security Update : seamonkey (seamonkey-1952)
This security update brings Mozilla SeaMonkey to version 1.0.4. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems : - CVE-2006-3801/MFSA 2006-44: Code execution through deleted frame reference...
Vulnerability in Joomla!
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в Joomla!. XSS: Уязвимость в поиске по сайту в параметре searchword. Дыра является DOM based XSS. http://site/index.php?option=comsearch&searchword=';alert'XSS'// Для исполнения кода, пользователь должен сменить...
Ajax allows a web page Trojan“quietly perform”-vulnerability warning-the black bar safety net
On the Ajax implementation, the developer is to think like the“Ajax to do that in user when browsing the web should not feel it to execute asynchronously, and does not need to wait for the page to refresh can be done automatically verify data”, such as whether the user name can be registered...
[SECURITY] Fedora 7 Update: seamonkey-1.1.3-1.fc7
SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...
Security on AIR: Local file access through JavaScript
Hi! It's just a very first look to AIR Adobes Integrated Runtime and its possibilities to process HTML/JS. AIR is beta by now, so Adobe may change things in the final release. What is AIR? Quote from Adobe: "Adobe Integrated Runtime AIR is a cross- operating system runtime that allows you to...
Code injection
Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks...
FireBug storm out of a serious vulnerability-a vulnerability warning-the black bar safety net
FireBug is a very useful JavaScript and DOM to view the debugging tools, is Firefox a plugin. Can to http://addons.mozilla.org go and download it. Debug code when you can use the following statement: The CODE: console. log'scriptalert...' Copy to clipboard While eliminating the need to write your...
CVE-2007-2060
Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM...
Cross site scripting
Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM...
CVE-2007-1947
Cross-zone scripting vulnerability in the DOM templates domplates used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by...
Cross site scripting
Cross-zone scripting vulnerability in the DOM templates domplates used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by...
CVE-2007-1947
Affected software: Firebug extension for Mozilla Firefox (DOM templates used by console.log, domplates). Vulnerability: Cross-zone scripting via overwriting toString in anonymous functions within domplates, enabling bypass of zone restrictions and potential read of file:// URIs or code execution ...
FireBug 跨站脚本执行漏洞
BUGTRAQ ID: 23315 FireBug是一个非常实用的JavaScript以及DOM查看调试工具,是Firefox的一个插件。 FireBug的对脚本代码的处理实现上存在漏洞,远程攻击者可能利用此漏洞在用户机器上执行恶意脚本代码。 在浏览器中远程脚本是受到沙盒限制的,也就是任何http:或https:前缀的URL都是安全的。浏览器扩展使用chrome: protocol,这个协议不受任何限制,因此浏览器扩展都是受信任的。如果远程脚本诱骗浏览器对chrome:执行JavaScript表达式的话,这个脚本就可以完全控制整个chrome及操作系统,因为命令执行和读写访问都是允许的。...