Lucene search
K

120 matches found

Prion
Prion
added 2007/10/08 11:17 p.m.28 views

Design/Logic Flaw

Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound...

2.6CVSS6.3AI score0.03418EPSS
Exploits0References34Affected Software3
Opera Security Advisories
Opera Security Advisories
added 2007/02/09 12:0 a.m.19 views

Opera security advisory 2004-12-10

Named frames or windows can be hi-jacked by malicious frames or windows. Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog misleading. A user may be convinced that an executable file is something else, for example a PDF document. Applets hav...

2.6AI score
Exploits0References2Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/02/09 12:0 a.m.6 views

Opera security advisory 2004-12-10 – Opera Security Advisories

Opera security advisory 2004-12-10 – Opera Security Advisories OPCOM Team | February 9, 2007 Opera security advisory Named frames or windows can be hi-jacked by malicious frames or windows. Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog...

5.6AI score
Exploits0References1
CERT
CERT
added 2007/01/18 12:0 a.m.31 views

Mozilla LiveConnect vulnerable to crash finalizing JS objects

Overview A vulnerability exists in the Mozilla LiveConnect that may allow a remote attacker to cause a denial of service. Description Mozilla LiveConnect, which allows communication between Java applets and web JavaScript, contains a vulnerability in the way freed objects are re-used that may...

7.1CVSS6.1AI score0.02279EPSS
Exploits0References14
OSV
OSV
added 2006/12/20 1:28 a.m.1 views

DEBIAN-CVE-2006-6502

Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service crash via unknown vectors...

7.1CVSS8.4AI score0.02279EPSS
Exploits0References1
OSV
OSV
added 2006/12/20 1:28 a.m.6 views

CVE-2006-6502

Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service crash via unknown vectors...

6.5AI score0.02279EPSS
Exploits0References53
Debian CVE
Debian CVE
added 2006/12/20 1:0 a.m.28 views

CVE-2006-6502

Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service crash via unknown vectors...

7.1CVSS6.5AI score0.02279EPSS
Exploits0
securityvulns
securityvulns
added 2006/12/20 12:0 a.m.60 views

Mozilla Foundation Security Advisory 2006-71

Mozilla Foundation Security Advisory 2006-71 Title: LiveConnect crash finalizing JS objects Impact: Critical Announced: December 19, 2006 Reporter: Steven Michaud Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.1 Firefox 1.5.0.9 Thunderbird 1.5.0.9 SeaMonkey 1.0.7 Description...

7.1CVSS0.4AI score0.02279EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2006/12/19 10:40 p.m.3 views

security flaw

Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service crash via unknown vectors...

7.1CVSS5.9AI score0.02279EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2006/12/19 10:20 p.m.8 views

security flaw

Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service crash via unknown vectors...

7.1CVSS5.9AI score0.02279EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2006/12/19 9:1 p.m.3 views

security flaw

Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service crash via unknown vectors...

7.1CVSS5.9AI score0.02279EPSS
Exploits0References4
Mozilla
Mozilla
added 2006/12/19 12:0 a.m.32 views

LiveConnect crash finalizing JS objects — Mozilla

Steven Michaud reported a crash in LiveConnect, the bridge code that allows Java applets and web JavaScript to communicate. The crash is due to re-use of an already-freed object and we presume this could be exploited with enough effort...

7.1CVSS1.1AI score0.02279EPSS
Exploits0References2Affected Software3
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.26 views

FreeBSD : opera -- multiple vulnerabilities (d6b092bd-61e1-11da-b64c-0001020eed82)

Opera reports : It is possible to make a form input that looks like an image link. If the form input has a 'title' attribute, the status bar will show the 'title'. A 'title' which looks like a URL can mislead the user, since the title can say http://nice.familiar.com/, while the form action can b...

5CVSS5.6AI score0.0167EPSS
Exploits1References4
Opera Security Advisories
Opera Security Advisories
added 2005/11/23 12:0 a.m.22 views

Specially crafted Java applets can crash Opera

Java code using LiveConnect methods to remove a property of aJavaScript object may in some cases use null pointers that canmake Opera crash. This crash is not exploitable and such code israre on the web...

3.2AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2005/11/23 12:0 a.m.8 views

Specially crafted Java applets can crash Opera – Opera Security Advisories

Specially crafted Java applets can crash Opera – Opera Security Advisories OPCOM Team | November 23, 2005 Summary A specially crafted Java applet can cause Opera to crash. Severity: Not exploitable Problem description Java code using LiveConnect methods to remove a property of aJavaScript object...

5.9AI score
Exploits0References1
FreeBSD
FreeBSD
added 2005/11/16 12:0 a.m.28 views

opera -- multiple vulnerabilities

Opera reports: It is possible to make a form input that looks like an image link. If the form input has a "title" attribute, the status bar will show the "title". A "title" which looks like a URL can mislead the user, since the title can say http://nice.familiar.com/, while the form action can be...

5CVSS6.5AI score0.0167EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.31 views

FreeBSD : opera -- multiple vulnerabilities in Java implementation (1489df94-6bcb-11d9-a21e-000a95bc6fae)

Marc Schoenefeld reports : Opera 7.54 is vulnerable to leakage of the java sandbox, allowing malicious applets to gain unacceptable privileges. This allows them to be used for information gathering spying of local identity information and system configurations as well as causing annoying crash...

5.5AI score
Exploits0References2
CVE
CVE
added 2005/02/13 5:0 a.m.50 views

CVE-2004-1450

Technical details are not publicly available in the provided connected documents (no explicit affected product/version, root cause, or exploit information). Monitor for updates from the cited sources (NVD/CVE records) for any changes.

5CVSS7.1AI score0.01241EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2005/02/13 5:0 a.m.17 views

CVE-2004-1450

Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations...

6.7AI score0.01241EPSS
Exploits0References2
NVD
NVD
added 2004/12/31 5:0 a.m.22 views

CVE-2004-1450

Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations...

5CVSS6.7AI score0.01241EPSS
Exploits0References2
Rows per page
Query Builder