Lucene search
K

2480 matches found

FreeBSD
FreeBSD
added 2005/03/31 12:0 a.m.34 views

firefox -- PLUGINSPAGE privileged javascript execution

A Mozilla Foundation Security Advisory reports: When a webpage requires a plugin that is not installed the user can click to launch the Plugin Finder Service PFS to find an appropriate plugin. If the service does not have an appropriate plugin the EMBED tag is checked for a PLUGINSPAGE attribute,...

7.5CVSS6.7AI score0.04106EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2005/03/23 7:14 p.m.5 views

security flaw

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive background tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."...

5CVSS5.9AI score0.03682EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/03/06 12:0 a.m.43 views

GLSA-200503-10 : Mozilla Firefox: Various vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200503-10 Mozilla Firefox: Various vulnerabilities The following vulnerabilities were found and fixed in Mozilla Firefox: Michael Krax reported that plugins can be used to load privileged content and trick the user to interact wit...

7.5CVSS6.1AI score0.20398EPSS
Exploits6References19
Gentoo Linux
Gentoo Linux
added 2005/03/04 12:0 a.m.80 views

Mozilla Firefox: Various vulnerabilities

Background Mozilla Firefox is the popular next-generation browser from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Firefox: Michael Krax reported that plugins can be used to load privileged content and trick the user to interact with it...

7.5CVSS7.4AI score0.20398EPSS
Exploits6
RedHat Linux
RedHat Linux
added 2005/03/01 7:1 p.m.8 views

security flaw

The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real...

5CVSS5.9AI score0.01671EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2005/03/01 7:1 p.m.4 views

security flaw

Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks...

2.6CVSS5.8AI score0.01024EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2005/03/01 7:1 p.m.6 views

security flaw

Firefox before 1.0.1 allows remote attackers to spoof the 1 security and 2 download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."...

2.6CVSS5.8AI score0.02022EPSS
Exploits1References4
securityvulns
securityvulns
added 2005/03/01 12:0 a.m.33 views

[SA13258] Mozilla / Firefox "Save Link As" Download Dialog Spoofing

---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l...

6.8AI score
Exploits0
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.14 views

Download dialog spoofing using Content-Disposition header — Mozilla

Andreas Sandblad of Secunia Research demonstrated a method to spoof the download dialog for saving files by supplying a Content-Disposition header with a different extension than the extension visible in the link and download dialog. Users could be tricked into downloading a safe-looking file suc...

6.7AI score
Exploits0References2Affected Software2
CVE
CVE
added 2005/02/18 5:0 a.m.53 views

CVE-2005-0243

Yahoo! Messenger 6.0.0.1750 (and potentially earlier than 6.0.0.1921) is affected by a filename spoofing vulnerability in the file transfer dialog where long filenames are not displayed correctly. This can lead users to download and open a misrepresented executable. The issue is mitigated by upda...

5CVSS6.7AI score0.01041EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/02/14 12:0 a.m.25 views

GLSA-200501-34 : Konversation: Various vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200501-34 Konversation: Various vulnerabilities Wouter Coekaerts has discovered three vulnerabilities within Konversation: The Server::parseWildcards function, which is used by the 'Quick Buttons', does not properly handle variabl...

7.5CVSS5.7AI score0.10321EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/01/29 5:0 a.m.24 views

CVE-2004-1380

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive background tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."...

6.4AI score0.03682EPSS
Exploits0References9
CVE
CVE
added 2005/01/29 5:0 a.m.66 views

CVE-2004-1380

The CVE-2004-1380 issue affects Firefox <1.0 and Mozilla

5CVSS6.4AI score0.03682EPSS
Exploits0References9Affected Software2
CVE
CVE
added 2005/01/22 5:0 a.m.46 views

CVE-2005-0131

The CVE-2005-0131 entry concerns Konversation 0.15. The Quick Connection dialog erroneously uses the user’s password as the nickname when connecting to an IRC server, which can leak the password to other users. This is tied to the Konversation IRC client and stems from the login handling in the Q...

5CVSS6.3AI score0.01797EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2005/01/19 5:0 a.m.52 views

CVE-2005-0110

In scope: CVE-2005-0110 affects Internet Explorer 6 on Windows XP SP2. The documented issue is that a web page containing a body element with an onclick tag (demonstrated via createElement) can bypass the file download warning dialog and potentially allow execution of arbitrary code by a remote a...

2.6CVSS7.7AI score0.06832EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2005/01/10 5:0 a.m.15 views

CVE-2004-1122

Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314...

7.5CVSS6.4AI score0.02344EPSS
Exploits0References4
securityvulns
securityvulns
added 2005/01/04 12:0 a.m.26 views

[Full-Disclosure] Secunia Research: Mozilla / Mozilla Firefox Download Dialog Source Spoofing

====================================================================== Secunia Research 04/01/2005 - Mozilla / Mozilla Firefox Download Dialog Source Spoofing - ====================================================================== Table of Contents Affected...

0.4AI score
Exploits0
NVD
NVD
added 2004/12/31 5:0 a.m.21 views

CVE-2004-1490

Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces ASCII character code 160 in the 1 Content-Disposition or 2 Content-Type headers...

2.6CVSS6.7AI score0.02451EPSS
Exploits0References6
NVD
NVD
added 2004/12/31 5:0 a.m.18 views

CVE-2004-2227

Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions...

5CVSS6.5AI score0.01805EPSS
Exploits0References6
CERT
CERT
added 2004/12/17 12:0 a.m.15 views

Microsoft Internet Explorer execCommand() method SaveAs command uses misleading "Save HTML Document" dialog

Overview Microsoft Internet Explorer contains a vulnerability in the way that it presents a Save As dialog. By invoking the SaveAs command with execCommand, an attacker could display a dialog that could trick a user into saving arbitrary content. Description Microsoft Internet Explorer IE support...

6.4AI score
Exploits0References7
Rows per page
Query Builder