Firefox arbitrary code execution flaw

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...

Firefox arbitrary code execution flaw

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...

CVE-2009-1684

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next...

Cross site scripting

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next...

CVE-2009-1684

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next...

Code injection

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service infinite loop, application hang, and memory consumption via a KEYGEN element in conjunction with 1 a META element specifying automatic page refresh or 2 a JavaScript onLoad event handler for a BODY element. NOTE: it was...

CVE-2009-1828

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service infinite loop, application hang, and memory consumption via a KEYGEN element in conjunction with 1 a META element specifying automatic page refresh or 2 a JavaScript onLoad event handler for a BODY element. NOTE: it was...

CVE-2009-1828

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service infinite loop, application hang, and memory consumption via a KEYGEN element in conjunction with 1 a META element specifying automatic page refresh or 2 a JavaScript onLoad event handler for a BODY element. NOTE: it was...

Cross site scripting

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via vectors involving 1 an event handler attached to an outer window, 2 a SCRIPT element in an unloaded document, or 3 the...

CVE-2008-2800

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via vectors involving 1 an event handler attached to an outer window, 2 a SCRIPT element in an unloaded document, or 3 the...

F5 FirePass Content Inspection Management XSS

F5 FirePass Content Inspection Management XSS Product: F5 FirePass http://www.f5.com/products/firepass/ The F5 FirePass SSL VPN appliance provides rudimentary web request sanitization for resources exposed through the appliance via Portal Access. This Content Inspection feature can be configured...

f5firepass-xss.txt

F5 FirePass Content Inspection Management XSS Product: F5 FirePass http://www.f5.com/products/firepass/ The F5 FirePass SSL VPN appliance provides rudimentary web request sanitization for resources exposed through the appliance via Portal Access. This Content Inspection feature can be configured...

security flaw

Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."...

security flaw

Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."...

security flaw

Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."...

Mozilla Foundation Security Advisory 2007-21

Mozilla Foundation Security Advisory 2007-21 Title: Privilege escallation using an event handler attached to an element not in the document Impact: Critical Announced: July 17, 2007 Reporter: mozbugra4 Products: Firefox Fixed in: Firefox 2.0.0.5 Description An attecker can use an element outside ...

CVE-2007-3737

Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."...

CVE-2007-3737

Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."...

Privilege escallation using an event handler attached to an element not in the document — Mozilla

An attacker can use an element outside of a document to call an event handler allowing content to run arbitrary code with chrome privileges...

CVE-2006-1741

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by 1 "using a modal alert to suspend an event handler while a new page is being loaded", 2 using eval, and using...