5777 matches found
GLSA-200703-18 : Mozilla Thunderbird: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200703-18 Mozilla Thunderbird: Multiple vulnerabilities Georgi Guninski reported a possible integer overflow in the code handling text/enhanced or text/richtext MIME emails. Additionally, various researchers reported errors in the...
security flaw
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an 1 img, 2 link, or 3 style tag, which...
security flaw
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an 1 img, 2 link, or 3 style tag, which...
security flaw
Multiple cross-site scripting XSS vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770...
gmx-xss.txt
hello everybody, recently, i've detected that gmx, a german freemail-provider it offers professional services too is prone to a xss-vulnerability. An attacker could send an email containing these string: Because gmx-webmail displays html-mails also, you can color the code white so that the...
pdf-xss.txt
I will be very quick and just point to links where you can read about this issue. It seams that PDF documents can execute JavaScript code for no apparent reason by using the following template: http://path/to/pdf/file.pdfwhatevernameyouwant=javascript:yourcodehere You must understand that the...
[Full-disclosure] Universal XSS with PDF files: highly dangerous
I will be very quick and just point to links where you can read about this issue. It seams that PDF documents can execute JavaScript code for no apparent reason by using the following template: http://path/to/pdf/file.pdfwhatevernameyouwant=javascript:yourcodehere You must understand that the...
youtube-js.txt
The following URL will cause javascript to execute in the context of youtube http://www.youtube.com/p.swf?videoid=eVFF98kNg8Q&eurl=&t=&iurl=javascript:alert'Javascript%20executed!\r\n\r\nLocation: '%2bwindow.location%2b'\r\n\r\nCookie: '%2bdocument.cookie Cheers...
[SECURITY] [DSA 1224-1] New Mozilla packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1224-1 [email protected] http://www.debian.org/security/ Martin Schulze December 3rd, 2006 http://www.debian.org/security/faq -...
CVE-2006-5463
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing...
security flaw
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing...
Debian DSA-1046-1 : mozilla - several vulnerabilities
Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2005-2353 The 'run-mozilla.sh' script allows local users to create or overwrite arbitrary files when debugging is enabled via a...
USN-352-1: Thunderbird vulnerabilities
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. CVE-2006-4253,...
CVE-2006-4965
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of...
FreeBSD : mozilla -- multiple vulnerabilities (e6296105-449b-11db-ba89-000c6ec775d9)
The Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. - MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 - MFSA...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 MFSA 2006-63...
msxss.txt
Hello, I have found that microsoft.com fails to filter html properly on some pages. http://support.microsoft.com/newsgroups/default.aspx?lang=en&cr=US&dg=microsoft.public.ccf&sloc=us';alert'xss this causes javascript to be executed when a user clicks the help link. Someone knows how to get js...
cpanel10.txt
A new vulnerability was found in Cpanel V.10; It happen cause the variable &File of the select.html file in the edit-zone just filter the 's labels and the possibility can by open to other labels like Server Side Include, HMTL labels... including Javascript expressed in other ways An attacker can...
security flaw
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...
CVE-2006-0400
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."...