15 matches found
MiracleLinux 3 : firefox-3.6.4-8.0.1.AXS3 (AXSA:2010-370:04)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2010-370:04 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...
CVE-2008-5915
An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing...
RHEL 4 : seamonkey (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - mozilla: in-session phishing attack CVE-2008-5913 Note that Nessus has not tested for this issue but has instead...
SUSE CVE-2010-3171
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acti...
Mandriva Linux Security Advisory : firefox (MDVSA-2010:125)
Security issues were identified and fixed in firefox : An unspecified function in the JavaScript implementation in Mozilla Firefox creates and exposes a temporary footprint when there is a current login to a website, which makes it easier for remote attackers to trick a user into acting upon a...
mozilla: in-session phishing attack
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a...
Information disclosure
An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session...
CVE-2008-5912
An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session...
CVE-2008-5914
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing...
Information disclosure
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing...
CVE-2008-5914
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing...
CVE-2008-5915
CVE-2008-5915 concerns Google Chrome’s JavaScript implementation where an unspecified function creates and exposes a 'temporary footprint' during an active login, enabling in-session phishing via spoofed pop-ups. The sources describe the issue but provide no actionable details (no disclosure of f...
CVE-2008-5912
CVE-2008-5912 is an information-disclosure issue affecting Microsoft Internet Explorer. Connected scanners describe an IE information-disclosure vulnerability where a JavaScript-related function exposes a “temporary footprint” during an active user login, which could ease in-session phishing by p...
CVE-2008-5914
The CVE-2008-5914 entry describes an Apple Safari JavaScript Engine cross-domain information disclosure. The vulnerability arises from an unspecified function in Safari’s JavaScript implementation that creates and exposes a “temporary footprint” when there is an active login to a site, enabling i...
CVE-2008-5912
An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session...