14 matches found
EUVD-2012-1964
Malware in sbrugna...
SUSE CVE-2012-3988
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScree...
SUSE CVE-2015-1300
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...
SUSE CVE-2016-1965
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property...
Vulnerability of Firefox and Firefox ESR browsers, which allows a hacker to forge the address bar
The vulnerability of Firefox and Fierfox ESR is related to errors in the implementation of functions for returning to the original page. Exploiting this vulnerability allows a malicious actor to manipulate the URL by using the history.back method and the location.protocol property...
The vulnerability of the Firefox browser allows a perpetrator to obtain confidential information or circumvent existing access restrictions policies.
The vulnerability of Firefox browsers relates to the insufficient restrictions on the use of the IFrame mechanism. Exploiting this vulnerability allows a malicious actor to circumvent existing access restrictions or obtain confidential information by using specially crafted JavaScript code that...
DEBIAN-CVE-2016-1967
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...
DEBIAN-CVE-2016-1965
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property...
The vulnerability of the Firefox browser allows a perpetrator to obtain confidential information or circumvent existing access restrictions policies.
The vulnerability of Firefox browsers is related to an improper restriction on access to the IFrame Resource Timing API. Exploiting this vulnerability allows a malicious actor to circumvent existing access restrictions or obtain confidential information by using specially crafted JavaScript code...
UBUNTU-CVE-2015-7207
Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a...
chromium-browser: Information leak in Blink
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...
Mozilla: Spoofing issue with location (MFSA 2012-45)
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls...
Mozilla: Spoofing issue with location (MFSA 2012-45)
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls...
Mozilla SSL spoofing with history.back() and history.forward()
The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and...