148 matches found
security flaw
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is use...
CVE-2006-2784
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is use...
CVE-2006-2784
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is use...
FreeBSD : mozilla -- 'Wrapped' javascript: urls bypass security checks (a81746a1-c2c7-11d9-89f7-02061b08fc24)
A Mozilla Foundation Security Advisory reports : Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source : pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute...
CVE-2005-1531
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using 1 a javascript: URL in a view-source: URL, 2 a javascript: URL in a...
"Wrapped" javascript: urls bypass security checks — Mozilla
Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute arbitrary code, and the same technique could also b...
Mozilla 0.9.x1.0 - JavaScript URL Host Spoofing Arbitrary Cookie Access
Mozilla 0.9.x1.0 - JavaScript URL Host Spoofing Arbitrary Cookie Access source: https://www.securityfocus.com/bid/5293/info Mozilla is an open source web browser available for a number of platforms, including Microsoft Windows and Linux. An issue has been reported in the Mozilla web browser which...
CVE-2001-0148
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability...