CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

281 matches found

UbuntuCve•added 2005/05/02 4:0 a.m.•26 views

CVE-2005-1153

Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option...

7.5CVSS6.3AI score0.07147EPSS

Exploits0References3

RedHat Linux•added 2005/04/26 4:27 p.m.•2 views

security flaw

The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a tag with a javascript: URL in the href attribute, aka "Firelinking."...

7.5CVSS6.2AI score0.35557EPSS

Exploits1References4

RedHat Linux•added 2005/04/26 4:27 p.m.•2 views

security flaw

7.5CVSS6.2AI score0.07147EPSS

Exploits0References4

RedHat Linux•added 2005/04/21 9:11 a.m.•3 views

security flaw

7.5CVSS6.2AI score0.07147EPSS

Exploits0References4

UbuntuCve•added 2005/04/18 4:0 a.m.•42 views

CVE-2005-0752

The Plugin Finder Service PFS in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag...

7.5CVSS6.3AI score0.03515EPSS

Exploits0References2

NVD•added 2005/04/18 4:0 a.m.•18 views

CVE-2005-0752

The Plugin Finder Service PFS in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag...

7.5CVSS6.8AI score0.03515EPSS

Exploits0References6

CVE•added 2005/04/18 4:0 a.m.•99 views

CVE-2005-0752

The CVE-2005-0752 entry describes a remote code execution via the Plugin Finder Service (PFS) in Firefox, affected when a javascript: URL is used in the PLUGINSPAGE attribute of an EMBED tag. The vulnerability is tied to Firefox versions before 1.0.3, with an exploit occurring through a crafted E...

7.5CVSS6.7AI score0.03515EPSS

Exploits0References6Affected Software1

Cvelist•added 2005/04/18 4:0 a.m.•24 views

CVE-2005-1153

6.7AI score0.07147EPSS

Exploits0References12

CVE•added 2005/04/18 4:0 a.m.•82 views

CVE-2005-1153

CVE-2005-1153 affects Firefox before 1.0.3 and Mozilla Suite before 1.7.7. When a popup is blocked, a javascript: URL executed via the user-visible Show javascript option can lead to remote code execution. The issue is documented in multiple advisories (e.g., RHSA-2005:383/384/386) and affected F...

7.5CVSS6.7AI score0.07147EPSS

Exploits0References12Affected Software2

Mozilla•added 2005/04/15 12:0 a.m.•19 views

Arbitrary code execution from Firefox sidebar panel II — Mozilla

Sites can use the search target to open links in the Firefox sidebar. Two missing security checks allow malicious scripts to first open a privileged page such as about:config and then inject script using a javascript: url. This could be used to install malicious code or steal data without user...

6.8AI score

Exploits0References1Affected Software1

Cvelist•added 2005/04/08 4:0 a.m.•16 views

CVE-2005-1016

Cross-site scripting XSS vulnerability in linksaddform.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URL in a banner URL...

5.7AI score0.00427EPSS

Exploits0References5

NVD•added 2002/12/31 5:0 a.m.•17 views

CVE-2002-2314

Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail...

5CVSS6.6AI score0.13167EPSS

Exploits1References7

CVE•added 2002/07/26 4:0 a.m.•37 views

CVE-2002-0783

CVE-2002-0783 affects Opera versions 5.12, 6.0, and 6.01. The vulnerability lets a remote attacker execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL. The underlying flaw is exposure of frame/iframe navigation to a...

7.5CVSS7.7AI score0.1151EPSS

Exploits1References3Affected Software1

securityvulns•added 2002/07/24 12:0 a.m.•39 views

Cookie protection bypass in Mozilla

It's possible to obtain cookie by spoofing valid hostname in javascript: URL. For example f.location = "javascript://www.google.com/n"+ "'body onload=alertdocument.cookie'";...

1.7AI score

Exploits0References1Affected Software1

NVD•added 2002/06/25 4:0 a.m.•15 views

CVE-2002-0346

Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to 1 service.cgi or 2 alert.cgi...

7.5CVSS7AI score0.12297EPSS

Exploits0References3

securityvulns•added 2002/05/16 12:0 a.m.•31 views

Crossite scripting in Opera

javascript: URL is executed in context of previously loaded page...

2.1AI score

Exploits0References1Affected Software1

Cvelist•added 2001/01/22 5:0 a.m.•14 views

CVE-2000-0958

HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window...

6.6AI score0.05626EPSS

Exploits1References2

exploitpack•added 2001/01/01 12:0 a.m.•12 views

Microsoft Windows Media Player 7.0 - JavaScript URL

Microsoft Windows Media Player 7.0 - JavaScript URL source: https://www.securityfocus.com/bid/2167/info Windows Media Player is an application used for digital audio, and video content viewing. It can be embedded in webpages as an ActiveX control. It is possible to execute a javascript URL from...

7.3AI score

Exploits0

securityvulns•added 2000/12/25 12:0 a.m.•21 views

Проблема в Internet Explorer (HTTP-redirect)

Internet Explorer выпадает при получении редирект на URL типа javascript:...

0.7AI score

Exploits0References1Affected Software1

NVD•added 2000/12/19 5:0 a.m.•15 views

CVE-2000-0958

HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window...

5CVSS6.6AI score0.05626EPSS

Exploits1References2