120 matches found
Design/Logic Flaw
Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound...
Opera security advisory 2004-12-10
Named frames or windows can be hi-jacked by malicious frames or windows. Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog misleading. A user may be convinced that an executable file is something else, for example a PDF document. Applets hav...
Opera security advisory 2004-12-10 – Opera Security Advisories
Opera security advisory 2004-12-10 – Opera Security Advisories OPCOM Team | February 9, 2007 Opera security advisory Named frames or windows can be hi-jacked by malicious frames or windows. Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog...
Mozilla LiveConnect vulnerable to crash finalizing JS objects
Overview A vulnerability exists in the Mozilla LiveConnect that may allow a remote attacker to cause a denial of service. Description Mozilla LiveConnect, which allows communication between Java applets and web JavaScript, contains a vulnerability in the way freed objects are re-used that may...
DEBIAN-CVE-2006-6502
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service crash via unknown vectors...
CVE-2006-6502
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service crash via unknown vectors...
CVE-2006-6502
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service crash via unknown vectors...
Mozilla Foundation Security Advisory 2006-71
Mozilla Foundation Security Advisory 2006-71 Title: LiveConnect crash finalizing JS objects Impact: Critical Announced: December 19, 2006 Reporter: Steven Michaud Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.1 Firefox 1.5.0.9 Thunderbird 1.5.0.9 SeaMonkey 1.0.7 Description...
security flaw
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service crash via unknown vectors...
security flaw
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service crash via unknown vectors...
security flaw
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service crash via unknown vectors...
LiveConnect crash finalizing JS objects — Mozilla
Steven Michaud reported a crash in LiveConnect, the bridge code that allows Java applets and web JavaScript to communicate. The crash is due to re-use of an already-freed object and we presume this could be exploited with enough effort...
FreeBSD : opera -- multiple vulnerabilities (d6b092bd-61e1-11da-b64c-0001020eed82)
Opera reports : It is possible to make a form input that looks like an image link. If the form input has a 'title' attribute, the status bar will show the 'title'. A 'title' which looks like a URL can mislead the user, since the title can say http://nice.familiar.com/, while the form action can b...
Specially crafted Java applets can crash Opera
Java code using LiveConnect methods to remove a property of aJavaScript object may in some cases use null pointers that canmake Opera crash. This crash is not exploitable and such code israre on the web...
Specially crafted Java applets can crash Opera – Opera Security Advisories
Specially crafted Java applets can crash Opera – Opera Security Advisories OPCOM Team | November 23, 2005 Summary A specially crafted Java applet can cause Opera to crash. Severity: Not exploitable Problem description Java code using LiveConnect methods to remove a property of aJavaScript object...
opera -- multiple vulnerabilities
Opera reports: It is possible to make a form input that looks like an image link. If the form input has a "title" attribute, the status bar will show the "title". A "title" which looks like a URL can mislead the user, since the title can say http://nice.familiar.com/, while the form action can be...
FreeBSD : opera -- multiple vulnerabilities in Java implementation (1489df94-6bcb-11d9-a21e-000a95bc6fae)
Marc Schoenefeld reports : Opera 7.54 is vulnerable to leakage of the java sandbox, allowing malicious applets to gain unacceptable privileges. This allows them to be used for information gathering spying of local identity information and system configurations as well as causing annoying crash...
CVE-2004-1450
Technical details are not publicly available in the provided connected documents (no explicit affected product/version, root cause, or exploit information). Monitor for updates from the cited sources (NVD/CVE records) for any changes.
CVE-2004-1450
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations...
CVE-2004-1450
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations...