mozilla: nsXMLDocument:: OnChannelRedirect() same-origin violation

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors...

XSS in bookmarks plugin

The bookmarking code under the url http://localhost:8080/plugins/socialbookmarking/updatebookmark.action is vulnerable to XSS attacks using the spaceKey parameter: submitting the following code will execute javascript: spaceKey=%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E%22%3E IMPORTANT:...

Stored XSS in wiki macro search

Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...

Mozilla Firefox <= 1.0.4 "Set As Wallpaper" Code Execution Exploit

No description provided by source. // Exploit by Michael Krax !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" html head titleFirewalling - Proof-of-Concept/title script function stopload // in some cases the javascript url never stops to load // therefore we force a stop after the...

Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability

Description Microsoft VBScript and JScript are prone to a remote code-execution vulnerability because they fail to adequately handle user-supplied input. Attackers can leverage this issue by enticing an unsuspecting user to view a malicious web document. Successful exploits would allow arbitrary...

Debian Security Advisory DSA 1192-1 (mozilla)

The remote host is missing an update to mozilla announced via advisory DSA 1192-1. Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-2788 Fernando Ribeiro...

Debian Security Advisory DSA 051-1 (netscape)

The remote host is missing an update to netscape announced via advisory DSA 051-1. OpenVAS Vulnerability Test $Id: deb0511.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 051-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 1224-1 (mozilla)

The remote host is missing an update to mozilla announced via advisory DSA 1224-1. Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-4310 Tomas Kempinsky...

Debian Security Advisory DSA 051-1 (netscape)

The remote host is missing an update to netscape announced via advisory DSA 051-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SuSE 10 Security Update : Security update for (ZYPP Patch Number 2088)

This security update brings Mozilla Firefox to version 1.5.0.7. More details can be found on: http://www.mozilla.org/projects/security/known-vulnerabiliti es.html It includes fixes to the following security problems : - Crashes with evidence of memory corruption MFSA 2006-63 / CVE-2006-4570:...

Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-352-1)

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. CVE-2006-4253,...

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed...

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed...

openSUSE 10 Security Update : seamonkey (seamonkey-2098)

This security update brings Mozilla SeaMonkey to version 1.0.5. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems: MFSA 2006-64/CVE-2006-4571: Crashes with evidence of memory corruption MFSA...

openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2100)

This security update brings Mozilla Thunderbird to version 1.5.0.7. More Details can be found on this page: http://www.mozilla.org/projects/security/known-vulnerabilities.html It includes fixes to the following security problems: MFSA 2006-64/CVE-2006-4571: Crashes with evidence of memory...

Insanely simple blog - Multiple vulnerabilities

Insanely simple blog version 0.5 and below http://sourceforge.net/projects/insanelysimple2 ISB contains multple vulnerabilities including both XSS, and SQL injection. First off, the search action fails to strip user content for html allowing a user to input tags. Next, anonymous blog entries can...

isb05-sql.txt

Insanely simple blog version 0.5 and below http://sourceforge.net/projects/insanelysimple2 ISB contains multple vulnerabilities including both XSS, and SQL injection. First off, the search action fails to strip user content for html allowing a user to input tags. Next, anonymous blog entries can...

Akamai Download Manager ActiveX Control Multiple Buffer Overflow Vulnerabilities

Description Akamai Download Manager is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Exploiting these issues allows remote attackers to execute...

fizzle-access.txt

Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus for formatting to lose their layout I told him it would be too difficult to sanitize the data...

[Full-disclosure] Fizzle : Firefox Extension Vulnerability

Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus becomes and so forth. Various feeds fields are vulnerable including the title which allows th...