Opera Cache History Information Disclosure Vulnerability - Mac OS X

Opera is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox Cache Objects History Enumeration Weakness Vulnerability (Windows)

The host is installed with Mozilla Firefox and is prone to cache objects history enumeration weakness vulnerability. OpenVAS Vulnerability Test $Id: gbmozillafirefoxcacheobjenumweaknessvulnwin.nasl 7019 2017-08-29 11:51:27Z teissa $ Mozilla Firefox Cache Objects History Enumeration Weakness...

Apple Safari WebKit Information Disclosure Vulnerability - Windows

Apple Safari web browser is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2011-4691

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

CVE-2011-4688

Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

Design/Logic Flaw

Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

Design/Logic Flaw

Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

CVE-2011-4692

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as...

Design/Logic Flaw

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

CVE-2011-4689

Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

Debian DSA-2342-1 : iceape - several vulnerabilities

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey : - CVE-2011-3647 'mozbugra4' discovered a privilege escalation vulnerability in addon handling. - CVE-2011-3648 Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could...

seamonkey security update

CentOS Errata and Security Advisory CESA-2011:1440 Updated seamonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...

RHEL 6 : thunderbird (RHSA-2011:1439)

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

DSA-2342-1 iceape - several

Bulletin has no description...

Critical: Red Hat Security Advisory: thunderbird security update

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Adobe Flash bug allow spying Webcam hole

Adobe Flash bug allow spying Webcam hole The flaw was disclosed in 2008 and can be exploited to turn on people's webcams or microphones without their knowledge. Attack involved putting the Adobe Flash Settings Manager page into an iFrame and masking it with a game, so that when the user clicked o...

CVE-2011-4140

The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...

PYSEC-2011-5

The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...

Cross site request forgery (csrf)

The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...

CVE-2011-4140

The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...