FreeBSD : opera -- multiple vulnerabilities (0e30e802-a9db-11dd-93a2-000bcdf0a03b)

Opera reports : When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuratio...

Opera Web Browser Command Execution and XSS Vulnerabilities (Linux)

The host is installed with Opera Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperacmdexecnxssvulnlin.nasl 6539 2017-07-05 12:02:14Z cfischer $ Opera Web Browser Command Execution and XSS Vulnerabilities Linux Authors: Chandan S Copyright: Copyright c 20...

Opera Web Browser Command Execution and XSS Vulnerabilities (Windows)

The host is installed with Opera Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperacmdexecnxssvulnwin.nasl 6519 2017-07-04 14:08:14Z cfischer $ Opera Web Browser Command Execution and XSS Vulnerabilities Windows Authors: Chandan S Copyright: Copyright c...

Opera Web Browser Command Execution and XSS Vulnerabilities - Windows

Opera Web Browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apple Safari vulnerable to xss via the processing of JavaScript URLs

Overview A vulnerability in the way Apple Safari handles JavaScript URLs may allow execution of JavaScript in the context of another site. Description Apple Safari contains a vulnerability that may cause a cross-site script injection when processing JavaScript URLs. According to Apple Security...

security flaw

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is use...

CVE-2006-2784

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is use...

CVE-2006-2784

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is use...

FreeBSD : mozilla -- 'Wrapped' javascript: urls bypass security checks (a81746a1-c2c7-11d9-89f7-02061b08fc24)

A Mozilla Foundation Security Advisory reports : Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source : pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute...

CVE-2005-1531

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using 1 a javascript: URL in a view-source: URL, 2 a javascript: URL in a...

"Wrapped" javascript: urls bypass security checks — Mozilla

Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute arbitrary code, and the same technique could also b...

Mozilla 0.9.x1.0 - JavaScript URL Host Spoofing Arbitrary Cookie Access

Mozilla 0.9.x1.0 - JavaScript URL Host Spoofing Arbitrary Cookie Access source: https://www.securityfocus.com/bid/5293/info Mozilla is an open source web browser available for a number of platforms, including Microsoft Windows and Linux. An issue has been reported in the Mozilla web browser which...

CVE-2001-0148

The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability...