JDK untrusted applet/application privilege escalation (6661918)

Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as...

Design/Logic Flaw

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin JEP and Java LiveConnect...

CVE-2008-2806

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin JEP and Java LiveConnect...

CVE-2008-2806

CVE-2008-2806 affects Mozilla Firefox <= 2.0.0.15 and SeaMonkey

CVE-2008-2806

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin JEP and Java LiveConnect...

CVE-2008-2806

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin JEP and Java LiveConnect...

Mozilla Foundation Security Advisory 2008-28

Mozilla Foundation Security Advisory 2008-28 Title: Arbitrary socket connections with Java LiveConnect on Mac OS X Impact: High Announced: July 1, 2008 Reporter: Gregory Fleischer Products: Firefox, SeaMonkey Fixed in: Firefox 3.0 Firefox 2.0.0.15 SeaMonkey 1.1.10 Description Security researcher...

CVE-2008-2419

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service heap corruption and application crash or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in...

Design/Logic Flaw

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service heap corruption and application crash or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in...

CVE-2008-2419

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service heap corruption and application crash or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in...

CVE-2008-2419

The vulnerability CVE-2008-2419 affects Mozilla Firefox 2.0.0.14 . It arises from an error condition during certain Iframe operations between a JSframe write and a JSframe close , which can cause heap corruption and an application crash and may allow remote arbitrary code execution . Reported imp...

Fujitsu Java Runtime Environment reflection API vulnerability

Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...

Mitsubishi Electric GB-50A远程绕过认证漏洞

BUGTRAQ ID: 28406 GB-50A是三菱中央空调系统的基于浏览器的管理控制系统。 GB-50A在实现认证机制时存在漏洞，远程攻击者可能利用此漏洞非授权操作空调。 GB-50A Web控制器使用了一组Java applet进行自身交互，而这些applet之间的通讯使用一系列未经认证或加密的xml报文，如果用户知道了所控制空调组的IP地址的话，就可以执行各种非授权操作，包括开关空调或随意设置温度。 Mitsubishi Electric GB-50A Mitsubishi Electric -------------------...

Apple Safari 3.1之前版本多个安全漏洞

BUGTRAQ ID: 28290 CVECAN ID: CVE-2008-1011,CVE-2008-1010,CVE-2008-1009,CVE-2008-1008,CVE-2008-1007,CVE-2008-1006,CVE-2008-1005,CVE-2008-1004,CVE-2008-1003,CVE-2008-1002,CVE-2008-1001,CVE-2008-0050 Safari是苹果家族操作系统默认所捆绑的WEB浏览器。 Safari的3.1版修复了多个安全漏洞，具体如下： CVE-2008-0050 恶意的HTTPS代理服务器可能在502 Bad...

CVE-2007-5862

Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet...

Untrusted Java applet can connect to localhost

Note: This advisory should have been published several months ago; apologies for the delay -- John Heasman ======= Summary ======= Name: Untrusted Java applet can connect to localhost Release Date: 29 October 2007 Reference: NGS00443 Discover: John Heasman [email protected] Vendor: Sun...

CVE-2007-5375

Interpretation conflict in the Sun Java Virtual Machine JVM allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet...

Sun Java Runtime Environment 1.4.2 - Font Parsing Privilege Escalation

source: https://www.securityfocus.com/bid/25340/info The Sun Java Runtime Environment is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet. Successfully exploiting this issu...

Apple Safari禁用Java偏好失败漏洞

BUGTRAQ ID: 25157 CVECAN ID: CVE-2007-2408 Safari是苹果家族操作系统默认所捆绑的WEB浏览器。 Safari在处理Java Applet的下载和执行时存在漏洞，远程攻击者可能利用此漏洞在用户浏览器中非授权执行Java Applet。 Safari提供了Enable Java偏好选项，如果取消了这个偏好的话就应禁止加载Java Applet。但默认下Safari允许下载Java Applet，因此即使取消了这个偏好仍可能在用户访问恶意网页的时候未经检查偏好便下载并执行Java Applet。 Apple Safari 3.0.2 Beta...

US-CERT Technical Cyber Security Alert TA07-193A -- Apple Releases Security Updates for QuickTime

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-193A Apple Releases Security Updates for QuickTime Original release date: July 12, 2007 Last revised: -- Source: US-CERT Systems Affected Apple QuickTime on systems running Apple Mac OS X...