4319 matches found

OSV
added 2015/04/01 12:0 a.m. | 4 views

UBUNTU-CVE-2015-0801

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...

7.5 CVSS | 7.6 AI score | 0.03269 EPSS
Exploits: 0 | References: 5

OSV
added 2015/04/01 12:0 a.m. | 6 views

UBUNTU-CVE-2015-0802

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of ...

5 CVSS | 7.6 AI score | 0.67465 EPSS
Exploits: 4 | References: 3

Mozilla
added 2015/03/31 12:0 a.m. | 42 views

Same-origin bypass through anchor navigation — Mozilla

Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG content navigation to bypass...

7.5 CVSS | 8.8 AI score | 0.03269 EPSS
Exploits: 0 | References: 3 | Affected Software: 5

Mozilla
added 2015/03/31 12:0 a.m. | 52 views

Windows can retain access to privileged content on navigation to unprivileged pages — Mozilla

Mozilla developer Bobby Holley reported that windows created to hold privileged UI content retained access to privileged internal methods if later navigated to unprivileged content. If a separate flaw was found that allowed for web content to reference these privileged windows, an attacker could...

5 CVSS | 9.4 AI score | 0.67465 EPSS
Exploits: 4 | References: 2 | Affected Software: 3

OPENSUSE Linux
added 2015/03/30 11:4 p.m. | 29 views

Security update for seamonkey (important)

SeaMonkey was updated to 2.33.1 to fix several vulnerabilities. The following vulnerabilities were fixed: Privilege escalation through SVG navigation (CVE-2015-0818); Code execution through incorrect JavaScript bounds checking elimination (CVE-2015-0817)...

7.5 CVSS | 3.1 AI score | 0.03677 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2015/03/27 12:0 a.m. | 22 views

Mozilla Firefox SVG Navigation Privilege Escalation Vulnerability (Mar 2015) - Windows

Mozilla Firefox is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:firefox...

7.5 CVSS | 9.7 AI score | 0.03149 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2015/03/26 12:0 a.m. | 27 views

openSUSE Security Update : MozillaFirefox (openSUSE-2015-263)

MozillaFirefox was updated to Firefox 36.0.4 to fix two critical security issues found during Pwn2Own:
- MFSA 2015-28/CVE-2015-0818 bmo1144988 Privilege escalation through SVG navigation
- MFSA 2015-29/CVE-2015-0817 bmo1145255 Code execution through incorrect JavaScript bounds checking eliminati...

7.5 CVSS | 7.3 AI score | 0.03677 EPSS
Exploits: 0 | References: 3

Drupal
added 2015/03/25 12:0 a.m. | 15 views

Crumbs - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-082

This module enables you to add navigation to your webpages colloquially referred to as "breadcrumbs". The module doesn't sufficiently sanitize custom HTML separators for breadcrumbs, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacke...

2.1 CVSS | 5.9 AI score | 0.00949 EPSS
Exploits: 0 | References: 10

RedHat Linux
added 2015/03/24 12:31 p.m. | 9 views

Mozilla: Privilege escalation through SVG navigation (MFSA 2015-28)

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

7.5 CVSS | 7.2 AI score | 0.03149 EPSS
Exploits: 0 | References: 5

NVD
added 2015/03/24 12:59 a.m. | 20 views

CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

7.5 CVSS | 7 AI score | 0.03149 EPSS
Exploits: 0 | References: 13

Prion
added 2015/03/24 12:59 a.m. | 27 views

Design/Logic Flaw

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

7.5 CVSS | 7.4 AI score | 0.03149 EPSS
Exploits: 0 | References: 13 | Affected Software: 3

Cvelist
added 2015/03/24 12:0 a.m. | 35 views

CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

9.5 AI score | 0.03149 EPSS
Exploits: 0 | References: 13

Tenable Nessus
added 2015/03/24 12:0 a.m. | 35 views

SeaMonkey < 2.33.1 Multiple Vulnerabilities

The version of Mozilla SeaMonkey installed on the remote host is prior to 2.33.1. It is, therefore, affected by multiple vulnerabilities:
- A remote code execution vulnerability exists due to an out-of-bounds error in typed array bounds checking within 'asmjs/AsmJSValidate.cpp', which relates to...

7.5 CVSS | 7.8 AI score | 0.03677 EPSS
Exploits: 0 | References: 4

OSV
added 2015/03/22 11:12 a.m. | 4 views

USN-2538-1 firefox vulnerabilities

A flaw was discovered in the implementation of typed array bounds checking in the JavaScript just-in-time compilation. If a user were tricked into opening a specially crafted website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking Firefox...

7.5 CVSS | 7.1 AI score | 0.03677 EPSS
Exploits: 0 | References: 3

OSV
added 2015/03/22 12:0 a.m. | 3 views

UBUNTU-CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

7.5 CVSS | 6.9 AI score | 0.03149 EPSS
Exploits: 0 | References: 4

FreeBSD
added 2015/03/20 12:0 a.m. | 25 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA-2015-28 Privilege escalation through SVG navigation; MFSA-2015-29 Code execution through incorrect JavaScript bounds checking elimination...

9.6 AI score
Exploits: 0 | References: 3

Mozilla
added 2015/03/20 12:0 a.m. | 45 views

Privilege escalation through SVG navigation — Mozilla

Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation...

7.5 CVSS | 8.9 AI score | 0.03149 EPSS
Exploits: 0 | References: 2 | Affected Software: 3

Hacker One
added 2015/03/09 4:33 a.m. | 39 views

Concrete CMS: Stored XSS in title of date navigation

XSS payload can be executed and saved permanently in title of date navigation. Poc code: "...

6.3 AI score
Exploits: 0

Atlassian
added 2015/02/26 1:52 p.m. | 21 views

Member of confluence-administrators group able to see restricted page in pagetree, quick search and navigation panel

Bug Background: Confluence super-users or members of the confluence-administrators group should be able to access any content in Confluence, including restricted content, as long as they have the direct URL to access it, as described in our documentation...

0.7 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2015/02/26 1:52 p.m. | 26 views

Member of confluence-administrators group able to see restricted page in pagetree, quick search and navigation panel

Bug Background: Confluence super-users or members of the confluence-administrators group should be able to access any content in Confluence, including restricted content, as long as they have the direct URL to access it, as described in our documentation...

0.7 AI score
Exploits: 0 | Affected Software: 1