
9799 matches found

Prion
added 2007/04/06 12:19 a.m., 15 views

Cross site scripting

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as...

6.8 CVSS, 7.3 AI score, 0.0504 EPSS
Exploits: 1, References: 10, Affected Software: 1
Cvelist
added 2007/04/06 12:0 a.m., 28 views

CVE-2007-1878

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as...

6.9 AI score, 0.0504 EPSS
Exploits: 1, References: 10
CVE
added 2007/04/06 12:0 a.m., 79 views

CVE-2007-1878

CVE-2007-1878 describes a Cross-zone scripting weakness in the DOM templates (domplates) used by Firebug’s console.log in Firefox, allowing remote execution by bypassing zone restrictions and reading file:// URIs via the runFile path, due to lack of HTML escaping in the property name. It affects ...

6.8 CVSS, 6.9 AI score, 0.0504 EPSS
Exploits: 1, References: 10, Affected Software: 1
NVD
added 2007/02/26 5:28 p.m., 21 views

CVE-2007-1092

Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, which triggers memory corruption due to the lack of a finalize hook on DOM window objects...

9.3 CVSS, 7.4 AI score, 0.07069 EPSS
Exploits: 1, References: 28
Prion
added 2007/02/26 5:28 p.m., 19 views

Memory corruption

Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, which triggers memory corruption due to the lack of a finalize hook on DOM window objects...

9.3 CVSS, 7.5 AI score, 0.07069 EPSS
Exploits: 1, References: 28, Affected Software: 2
Prion
added 2007/02/26 5:28 p.m., 21 views

Code injection

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client...

6.8 CVSS, 6.3 AI score, 0.0219 EPSS
Exploits: 0, References: 56, Affected Software: 2
CVE
added 2007/02/26 5:0 p.m., 104 views

CVE-2007-1095

This CVE (CVE-2007-1095) concerns Mozilla Firefox < 2.0.0.8 and SeaMonkey

6.8 CVSS, 6.2 AI score, 0.0219 EPSS
Exploits: 0, References: 56, Affected Software: 1
Cvelist
added 2007/02/26 5:0 p.m., 22 views

CVE-2007-1095

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client...

6.2 AI score, 0.0219 EPSS
Exploits: 0, References: 56
securityvulns
added 2007/02/15 12:0 a.m., 37 views

Firefox: serious cookie stealing / same-domain bypass vulnerability

There is a serious vulnerability in Mozilla Firefox, tested with 2.0.0.1, but quite certainly affecting all recent versions. The problem lies in how Firefox handles writes to the 'location.hostname' DOM property. It is possible for a script to set it to values that would not otherwise be accepted...

Exploits: 0
Cent OS
added 2006/12/20 3:44 p.m., 74 views

devhelp, seamonkey security update

CentOS Errata and Security Advisory CESA-2006:0759 Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open sour...

9.3 CVSS, 6.4 AI score, 0.08604 EPSS
Exploits: 0, References: 9
seebug.org
added 2006/11/07 12:0 a.m., 15 views

PHPAdventure 1.1 (ad_main.php) Remote File Include Vulnerability

No description provided by source. D.O.M TEAM Bug found: HER0 cms: PHPAdventure type: rfi risk: High download:http://prdownloads.sourceforge.net/phpadventure/phpadv11.tar.gz contac:[email protected] nota: all the versions of PHPAdventure is affected.. line of the code: ?php $stage = 1;...

7.1 AI score
Exploits: 0
Gentoo Linux
added 2006/08/03 12:0 a.m., 47 views

Mozilla Thunderbird: Multiple vulnerabilities

Background: The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL (XML User Interface Language). Description: The following vulnerabilities have been reported: Benjamin Smedberg discovered that...

7.5 CVSS, 7.4 AI score, 0.0747 EPSS
Exploits: 0
RedHat Linux
added 2006/08/02 6:39 p.m., 4 views

security flaw

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object...

5.8 CVSS, 7.3 AI score, 0.02316 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2006/08/02 6:39 p.m., 4 views

security flaw

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an ifram...

9.3 CVSS, 7.7 AI score, 0.0696 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2006/07/29 12:16 a.m., 5 views

security flaw

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an ifram...

9.3 CVSS, 7.7 AI score, 0.0696 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2006/07/28 11:22 p.m., 3 views

security flaw

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object...

5.8 CVSS, 7.3 AI score, 0.02316 EPSS
Exploits: 0, References: 4
UbuntuCve
added 2006/07/27 8:4 p.m., 27 views

CVE-2006-3802

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object...

5.8 CVSS, 5.9 AI score, 0.02316 EPSS
Exploits: 0, References: 4
OSV
added 2006/07/27 8:4 p.m., 1 views

DEBIAN-CVE-2006-3802

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object...

5.8 CVSS, 7.7 AI score, 0.02316 EPSS
Exploits: 0, References: 1
CVE
added 2006/07/27 8:0 p.m., 99 views

CVE-2006-3802

CVE-2006-3802 affects Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3. The issue is that remote attackers can hijack native DOM methods from objects in another domain to conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object. Th...

5.8 CVSS, 5.4 AI score, 0.02316 EPSS
Exploits: 0, References: 56, Affected Software: 3
Debian CVE
added 2006/07/27 8:0 p.m., 26 views

CVE-2006-3802

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object...

5.8 CVSS, 5.6 AI score, 0.02316 EPSS
Exploits: 0