Mozilla Thunderbird Security Advisories (MFSA2017-30, MFSA2017-30) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

Mozilla Thunderbird Security Advisories (MFSA2017-30, MFSA2017-30) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

openSUSE Security Update : Mozilla Thunderbird (openSUSE-2017-1419)

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities : - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

Security update for Mozilla Thunderbird (important)

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

Security update for Mozilla Thunderbird (important)

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

openSUSE: Security Advisory for Mozilla (openSUSE-SU-2017:3434-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

ServersCheck Monitoring Software Cross-Site Scripting Vulnerability

ServersCheck Monitoring Software is a suite of browser-based network inspection tools from ServersCheck Belgium. The tool monitors, reports, and provides early warning of problems with system performance and reliability. A cross-site scripting vulnerability exists in ServersCheck Monitoring...

OPENSUSE-SU-2017:3433-1 Security update for Mozilla Thunderbird

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

OPENSUSE-SU-2017:3434-1 Security update for Mozilla Thunderbird

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin CVE-2017-7847: Local path string can be leaked from RSS feed CVE-2017-7848: RSS Feed vulnerable to...

Code-Crafters Ability Mail Server Cross-Site Scripting Vulnerability

Code-Crafters Ability Mail Server is a set of mail server software from Code-Crafters Software UK. The software provides SMTP, POP3, WebMail and other common functions, and supports remote management, virus protection, content filtering and so on. A cross-site scripting vulnerability exists in...

Vmware ESXi Host Client Cross-Site Scripting Vulnerability

VMware ESXi is a bare-metal virtualization hypervisor from VMware that is installed directly on a physical server and divides the physical server into multiple virtual machines. The program features less disk space, higher reliability and security. A cross-site scripting vulnerability exists in...

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

Cross site scripting

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

October CMS Cross-Site Scripting Vulnerability (CNVD-2017-37277)

OctoberCMS is a CMS system based on Laravel PHP development framework. A cross-site scripting vulnerability exists in the brand logo image name in October CMS build 412. An attacker can exploit this vulnerability to execute JavaScript code in the victim's browser...

CVE-2017-7839

Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting self-XSS attacks where users are...

CVE-2017-7834

A "data:" URL loaded in a new tab did not inherit the Content Security Policy CSP of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potentia...

CVE-2017-7733

A Cross-Site-Scripting XSS vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter...

UBUNTU-CVE-2017-5085

Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark...