216 matches found
CVE-2008-1080
Opera before 9.26 is affected by CVE-2008-1080, CVE-2008-1081, and CVE-2008-1082. The issues stem from input handling in file form fields, image comments, and DOM attribute value representation in imported XML documents, allowing a remote attacker to trigger file path manipulation, script executi...
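Opera Web Browser 9.26 Fixes Multiple Security Vulnerabilities
BUGTRAQ ID: 27901 Opera is a popular web browser that supports multiple platforms. Versions of the Opera web browser before 9.26 contain multiple security vulnerabilities that may allow a malicious user to carry out cross-site scripting attacks, disclose sensitive information, or bypass certain security restrictions. 1 When a user types into a file input, a script may cause some keystrokes to be ignored. If a script can trick the user into believing they are typing into a normal file input, without letting the user see that keystrokes have been ignored, the input may end up pointing to a file path on the computer, and the file is then uploaded without user interaction. 2 Image properties may contain custom comments. When displaying image properties, Opera may process these comments as script, causing the script to run in the wrong security context. 3...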
Debian DSA-1489-1 : iceweasel - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul...
Mozilla Foundation Security Advisory 2008-02
Mozilla Foundation Security Advisory 2008-02 Title: Multiple file input focus stealing vulnerabilities Impact: Moderate Announced: February 7, 2008 Reporter: hong, Gregory Fleischer Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.12 SeaMonkey 1.1.8 Description Security researchers hong and...
CVE-2008-0414
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."...
CVE-2008-0414
Mozilla Firefox <=2.0.0.11/SeaMonkey
SeaMonkey < 1.1.8 Multiple Vulnerabilities
Binary data 4366.prm...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 4570)
This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - Privilege escalation through chrome-loaded about:blank windows. MFSA 2007-26 / CVE-2007-3844 Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...
openSUSE 10 Security Update : seamonkey (seamonkey-4596)
This update fixes several security issues in Mozilla SeaMonkey 1.0.9. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4572)
This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4574)
This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...
CVE-2004-0759
CVE-2004-0759 affects Mozilla prior to version 1.7. The flaw lets a remote server read arbitrary files by JavaScript setting the value of an input type="file" element. Multiple OpenVAS entries and vendor advisories corroborate Mozilla involvement, but no specific exploit details or patch versions...
Solaris 9 rcp buffer overflow
Buffer overflow on long hostname:filename...
Opera 6.0.1/6.0.2 - Arbitrary File Disclosure
source: https://www.securityfocus.com/bid/4834/info A vulnerability has been reported in Opera 6.01/6.02. The vulnerability is related to handling of the 'file' HTML input-type. It is possible for a server to set the file value, while fooling Opera into thinking no file has been specified. This i...
Opera 6.0.1/6.0.2 - Arbitrary File Disclosure
Opera 6.0.1/6.0.2 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/4834/info A vulnerability has been reported in Opera 6.01/6.02. The vulnerability is related to handling of the 'file' HTML input-type. It is possible for a server to set the file value, while fooling Opera int...