9799 matches found
CVE-2005-1160
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object...
CVE-2005-1160
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object...
Important: Red Hat Security Advisory: Mozilla security update
Updated mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Vladimir V...
security flaw
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object...
security flaw
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object...
Important: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Vladimir V. Perepelitsa discovered a bug in the way Firefox handles...
CVE-2005-1160
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object...
Privilege escalation via DOM property overrides — Mozilla
mozbugra4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu. The common cause in each case was privileged UI code "chrome" being overly trusting of DOM...
mozilla -- privilege escalation via DOM property overrides
A Mozilla Foundation Security Advisory reports: mozbugra4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu. The common cause in each case was privileg...
CVE-2004-1173
Internet Explorer 6 contains a vulnerability where remote attackers can bypass the popup blocker using DOM methods in the DHTML Editing Component (DEC) and showModalDialog calls. Root cause: the DHTML Editing Component/DEC enables a bypass via its DOM API. Impact described as bypassing the popup ...
Scripting for the scriptless with OWC in IE (GM#005-IE)
GreyMagic Security Advisory GM005-IE ===================================== By GreyMagic Software, Israel. 08 Apr 2002. Available in HTML format at http://security.greymagic.com/adv/gm005-ie/. Topic: Scripting for the scriptless with OWC in IE. Discovery date: 10 Mar 2002. Affected applications:...
CVE-2000-0958
HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window...
CVE-2000-0958
CVE-2000-0958 concerns HotJava Browser 3.0, where remote attackers can access the DOM of a web page by opening a javascript: URL in a named window. The available documents identify the affected product and the basic interaction (javascript: URLs and window naming) but do not provide deeper root-c...
CVE-2000-0958
HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window...
Sun HotJava Browser 3 - Arbitrary DOM Access
Sun HotJava Browser 3 - Arbitrary DOM Access source: https://www.securityfocus.com/bid/1837/info A malicious website operator may be able to obtain cookies from a target system browsing with Sun HotJava Browser. The Document Object Model DOM of arbitrary URLs can be accessed if a specially formed...
IE5.5 window.externalNavigateAndFind security vulnerability....
Multiple security vulnerabilities found in window.external.NavigateAndFind function in IE5.5... After the most recent patches applied the vulnerabilities seem to persist.. Actually there is no current issues discussed at microsft website... Microsoft has been notified about the problem via email...
CVE-2000-0266
The CVE-2000-0266 entry describes a vulnerability in Internet Explorer 5.01 where a malicious applet can bypass the cross-frame security policy by interacting with the Java JSObject to modify DOM properties, allowing an IFRAME to load an arbitrary JavaScript URL. This reveals a client-side cross-...
CVE-2000-0266
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL...
ie5.cross-frame.txt
Georgi Guninski security advisory 4, 2000 IE 5 security vulnerablity - circumventing Cross-frame security policy and accessing the DOM of "old" documents. Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies,...