
333 matches found

Prion
added 2012/07/31 5:55 p.m. | 21 views

Cross site scripting

The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL...

CVSS 4.3 | AI score 5.9 | EPSS 0.02072
Exploits: 1 | References: 6 | Affected Software: 1
Debian CVE
added 2012/07/31 5:0 p.m. | 28 views

CVE-2012-3442

The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL...

CVSS 4.3 | AI score 5.4 | EPSS 0.02072
Exploits: 1
UbuntuCve
added 2012/07/31 12:0 a.m. | 23 views

CVE-2012-3442

The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL...

CVSS 4.3 | AI score 5.9 | EPSS 0.02072
Exploits: 1 | References: 5
Tenable Nessus
added 2012/07/19 12:0 a.m. | 45 views

Firefox < 14.0 Multiple Vulnerabilities

The installed version of Firefox is earlier than 14.0 and thus is potentially affected by the following security issues:
- Several memory safety issues exist, some of which could potentially allow arbitrary code execution. (CVE-2012-1948, CVE-2012-1949)
- An error related to drag and drop can all...

CVSS 10 | AI score 7.4 | EPSS 0.05488
Exploits: 1 | References: 32
RedHat Linux
added 2012/07/17 7:21 p.m. | 2 views

Mozilla: XSS and code execution through data: URLs (MFSA 2012-46)

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL...

CVSS 4.3 | AI score 7.3 | EPSS 0.02199
Exploits: 1 | References: 4
Mozilla
added 2012/07/17 12:0 a.m. | 56 views

XSS through data: URLs — Mozilla

Mozilla security researcher mozbugra4 reported a cross-site scripting (XSS) attack through the context menu using a data: URL. In this issue, context menu functionality ("View Image", "Show only this frame", and "View background image") are disallowed in a javascript: URL but allowed in a data: URL,...

CVSS 4.3 | AI score 1.8 | EPSS 0.02199
Exploits: 1 | References: 2 | Affected Software: 2
Packet Storm
added 2011/12/08 12:0 a.m. | 17 views

JavaScript Switcharoo Proof Of Concept

Another whimsical browser proof-of-concept: http://lcamtuf.coredump.cx/switch/ It seems that relatively few people realize that holding a JavaScript handle to another window (either because we opened it, or because the window was at some point displaying our content) allows the attacker to tamper...

AI score 7.4
Exploits: 0
seebug.org
added 2011/06/30 12:0 a.m. | 16 views

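Opera Web Browser Unspecified Cross-Site Scripting Vulnerability

Bugtraq ID: 48500 Opera is a popular web browser. An error exists in the handling of the "data" URL mechanism: security context inheritance is not enforced for the URI, which allows the URI to interact with other pages and source-code pages. This can lead to cross-site scripting attacks. Opera Software Opera Web Browser 11.11 Opera Software Opera Web Browser 11.01 Opera Software Opera Web Browser 11.00 Opera Software Opera Web Browser 10.63 Opera Software Opera Web Browser...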

AI score 6.9
Exploits: 0
Japan Vulnerability Notes
added 2011/01/07 12:0 a.m. | 29 views

JVN#09157962: SquirrelMail vulnerable to cross-site scripting

SquirrelMail from SquirrelMail Project is an open source webmail (web-based email). SquirrelMail contains an issue in handling specific character encoding and processing "data:" URL, which may result in cross-site scripting. Impact: An arbitrary script may be executed on the user's web browser...

CVSS 4.3 | AI score 5.6 | EPSS 0.0253
Exploits: 1
securityvulns
added 2010/12/10 12:0 a.m. | 82 views

Mozilla Foundation Security Advisory 2010-79

Mozilla Foundation Security Advisory 2010-79 Title: Java security bypass from LiveConnect loaded via data: URL meta refresh Impact: Critical Announced: December 9, 2010 Reporter: Gregory Fleischer Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.13 Firefox 3.5.16 SeaMonkey 2.0.11 Description...

CVSS 9.3 | AI score 1.7 | EPSS 0.03796
Exploits: 1
RedHat Linux
added 2010/12/09 11:26 p.m. | 2 views

data: URL meta refresh (MFSA 2010-79)

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via...

CVSS 9.3 | AI score 7.4 | EPSS 0.03796
Exploits: 1 | References: 4
RedHat Linux
added 2010/12/09 11:7 p.m. | 1 views

data: URL meta refresh (MFSA 2010-79)

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via...

CVSS 9.3 | AI score 7.4 | EPSS 0.03796
Exploits: 1 | References: 4
Mozilla
added 2010/12/09 12:0 a.m. | 31 views

Java security bypass from LiveConnect loaded via data: URL meta refresh — Mozilla

Security researcher Gregory Fleischer reported that when a Java LiveConnect script was loaded via a data: URL which redirects via a meta refresh, then the resulting plugin object was created with the wrong security principal and thus received elevated privileges such as the abilities to read loca...

CVSS 9.3 | AI score 1.5 | EPSS 0.03796
Exploits: 1 | References: 2 | Affected Software: 2
NVD
added 2010/09/09 7:0 p.m. | 19 views

CVE-2010-2770

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data...

CVSS 9.3 | AI score 9 | EPSS 0.03749
Exploits: 0 | References: 6
Prion
added 2010/09/09 7:0 p.m. | 20 views

Memory corruption

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data...

CVSS 9.3 | AI score 8.4 | EPSS 0.03749
Exploits: 0 | References: 6 | Affected Software: 3
Mozilla
added 2010/09/07 12:0 a.m. | 30 views

Crash on Mac using fuzzed font in data: URL — Mozilla

Security researcher Marc Schoenefeld reported that a specially crafted font could be applied to a document and cause a crash on Mac systems. The crash showed signs of memory corruption and presumably could be used by an attacker to execute arbitrary code on a victim's computer...

CVSS 9.3 | AI score 9.6 | EPSS 0.03749
Exploits: 0 | References: 2 | Affected Software: 3
exploitpack
added 2010/06/11 12:0 a.m. | 17 views

Office^2 iPhone - .XLS Denial of Service

Office^2 iPhone - .XLS Denial of Service I wrote a fuzzer "dumb fuzzer" and used a sample from http://www.ccp14.ac.uk/ccp/web-mirrors/bca-spreadsheets/scanplot101.xls which I randomly found on the internet. I mutated the data and tested roughly 1000 cases on several Document Reader Applications f...

AI score 7.3
Exploits: 0
Tenable Nessus
added 2007/07/23 12:0 a.m. | 26 views

FreeBSD : opera -- multiple vulnerabilities (12d266b6-363f-11dc-b6c9-000c6ec775d9)

Opera Software ASA reports of multiple security fixes in Opera, including an arbitrary code execute vulnerability : Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function that leaves old data that was in the memory before Opera allocated it in the new pattern. The pattern...

CVSS 9.3 | AI score 6 | EPSS 0.06466
Exploits: 0 | References: 9
Opera Security Advisories
added 2007/07/19 12:0 a.m. | 12 views

data: URLs can spoof trusted sites

data: URLs embed data inside them, instead of linking to an external resource. Opera can mistakenly display the end of a data URL instead of the beginning. This allows an attacker to spoof the URL of a trusted site...

AI score 3
Exploits: 0 | Affected Software: 1
securityvulns
added 2007/07/15 12:0 a.m. | 23 views

Opera/Konqueror URL spoofing

By using data: URL it's possible to spoof page location...

AI score 1.4
Exploits: 0 | References: 1 | Affected Software: 2