CVE-2006-3801

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code...

CVE-2006-3801

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code...

Native DOM methods can be hijacked across domains — Mozilla

A malicious page can hijack native DOM methods on a document object in another domain, which will run the attacker's script when called by the victim page. This could be used to steal login cookies, password, or other sensitive data on the target page, or to perform actions on behalf of a logged-...

JavaScript new Function race condition — Mozilla

H. D. Moore reported a testcase that was able to trigger a race condition where JavaScript garbage collection deleted a temporary variable still being used in the creation of a new Function object. The resulting use of a deleted object may be potentially exploitable to run native code provided by...

Javascript navigator Object Vulnerability — Mozilla

An anonymous researcher for TippingPoint and the Zero Day Initiative showed that when used in a web page Java would reference properties of the window.navigator object as it started up. If the page replaced the navigator object before starting Java then the browser would crash in a way that could...

Microsoft Internet Explorer 6 - Native Function Iterator Denial of Service

Microsoft Internet Explorer 6 - Native Function Iterator Denial of Service source: https://www.securityfocus.com/bid/19140/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue is triggered when an attacker convinces a victim user to visit a malicious website...

From encryption software and with the mouth to save back to the file-vulnerability warning-the black bar safety net

Today dad just bought a U disk, but no encryption function, then check the Internet the following folder encryption software, but see there are people asking how to get back has been encrypted, the software today get up to people and claiming to defense-level encryption of the“high strength folde...

tbe40-XSS.txt

The Banner Engine - tbe4.0 Native Solutions -------------------------- Cross Site Scripting XSS -------------------------- http://target.xx/top.php?action=search&catid=catid&text=%3Cscript%3Ealert%22Ellipsis+Security+Test%22%3C/script%3E...

TBE 4.0 XSS

The Banner Engine - tbe4.0 Native Solutions -------------------------- Cross Site Scripting XSS -------------------------- http://target.xx/top.php?action=search&catid=catid&text=3Cscript3Ealert22Ellipsis+Security+Test223C/script3E...

SOL4944 - SSL decryption vulnerabilities - CR47778, CR48873, CR53987, CR54002

Workaround If upgrading is not an immediate option, you can prevent exploitation of these vulnerabilities temporarily by disabling NATIVE ciphers on any clientssl or serverssl profiles that require or request authentication. To do so, add :!NATIVE to the profiles' ciphers option available in the...

CVE-2005-2245

The provided connected documents confirm a vulnerability in F5 BIG-IP versions 9.0.2 through 9.1 that allows attackers to subvert the authentication of SSL transactions. The root cause and attack vectors are described as unknown, with possible involvement of NATIVE ciphers, but no concrete exploi...

CVE-2005-2245

Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers...

CVE-2005-2245

Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers...

Privilege escalation via DOM property overrides — Mozilla

mozbugra4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu. The common cause in each case was privileged UI code "chrome" being overly trusting of DOM...

CVE-2003-0791

CVE-2003-0791 affects Mozilla 1.4 and earlier, where Script.prototype.freeze/thaw can be abused: by altering the string given to script.thaw, input is deserialized and native methods may be executed. The connected records consistently reference Mozilla 1.4 and earlier as vulnerable, with the issu...

CVE-2003-0791

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed...

Java applet crashing with native assertion

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, this is a Java One special: Three months ago I informed Sun Microsystems about an applet alerting with a native win32 assertion Expression: offset fFileSize For information on how your program can cause an assertion failure, see the Visual C++...

PT-2003-1880 · Mozilla · Mozilla Firefox

Name of the Vulnerable Software and Affected Versions: Mozilla versions 1.4 and earlier Description: The issue allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. This is related to the...

excel2000-exec.txt

Georgi Guninski security advisory 15, 2000 Excel 2000 vulnerability - executing programs Systems affected: Excel 2000/Win98 - almost sure other versions/OSes, have not tested Risk: High Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual...