2480 matches found
firefox -- PLUGINSPAGE privileged javascript execution
A Mozilla Foundation Security Advisory reports: When a webpage requires a plugin that is not installed the user can click to launch the Plugin Finder Service PFS to find an appropriate plugin. If the service does not have an appropriate plugin the EMBED tag is checked for a PLUGINSPAGE attribute,...
security flaw
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive background tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."...
GLSA-200503-10 : Mozilla Firefox: Various vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200503-10 Mozilla Firefox: Various vulnerabilities The following vulnerabilities were found and fixed in Mozilla Firefox: Michael Krax reported that plugins can be used to load privileged content and trick the user to interact wit...
Mozilla Firefox: Various vulnerabilities
Background Mozilla Firefox is the popular next-generation browser from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Firefox: Michael Krax reported that plugins can be used to load privileged content and trick the user to interact with it...
security flaw
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real...
security flaw
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks...
security flaw
Firefox before 1.0.1 allows remote attackers to spoof the 1 security and 2 download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."...
[SA13258] Mozilla / Firefox "Save Link As" Download Dialog Spoofing
---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l...
Download dialog spoofing using Content-Disposition header — Mozilla
Andreas Sandblad of Secunia Research demonstrated a method to spoof the download dialog for saving files by supplying a Content-Disposition header with a different extension than the extension visible in the link and download dialog. Users could be tricked into downloading a safe-looking file suc...
CVE-2005-0243
Yahoo! Messenger 6.0.0.1750 (and potentially earlier than 6.0.0.1921) is affected by a filename spoofing vulnerability in the file transfer dialog where long filenames are not displayed correctly. This can lead users to download and open a misrepresented executable. The issue is mitigated by upda...
GLSA-200501-34 : Konversation: Various vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200501-34 Konversation: Various vulnerabilities Wouter Coekaerts has discovered three vulnerabilities within Konversation: The Server::parseWildcards function, which is used by the 'Quick Buttons', does not properly handle variabl...
CVE-2004-1380
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive background tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."...
CVE-2004-1380
The CVE-2004-1380 issue affects Firefox <1.0 and Mozilla
CVE-2005-0131
The CVE-2005-0131 entry concerns Konversation 0.15. The Quick Connection dialog erroneously uses the user’s password as the nickname when connecting to an IRC server, which can leak the password to other users. This is tied to the Konversation IRC client and stems from the login handling in the Q...
CVE-2005-0110
In scope: CVE-2005-0110 affects Internet Explorer 6 on Windows XP SP2. The documented issue is that a web page containing a body element with an onclick tag (demonstrated via createElement) can bypass the file download warning dialog and potentially allow execution of arbitrary code by a remote a...
CVE-2004-1122
Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314...
[Full-Disclosure] Secunia Research: Mozilla / Mozilla Firefox Download Dialog Source Spoofing
====================================================================== Secunia Research 04/01/2005 - Mozilla / Mozilla Firefox Download Dialog Source Spoofing - ====================================================================== Table of Contents Affected...
CVE-2004-1490
Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces ASCII character code 160 in the 1 Content-Disposition or 2 Content-Type headers...
CVE-2004-2227
Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions...
Microsoft Internet Explorer execCommand() method SaveAs command uses misleading "Save HTML Document" dialog
Overview Microsoft Internet Explorer contains a vulnerability in the way that it presents a Save As dialog. By invoking the SaveAs command with execCommand, an attacker could display a dialog that could trick a user into saving arbitrary content. Description Microsoft Internet Explorer IE support...