1268 matches found
Google's New Tool, DOM Snitch, Finds JavaScript Flaws
Google announced on Tuesday the availability of a new free application testing tool, dubbed “DOM Snitch,” that it says will help Web application developers find vulnerabilities in client side Web applications. The new application is a Chrome browser extension that works by injecting hooks into a...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
CentOS Update for seamonkey CESA-2010:0810 centos4 i386
Check for the Version of seamonkey. OpenVAS Vulnerability Test: CentOS Update for seamonkey CESA-2010:0810 centos4 i386. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify ...
RedHat Update for xulrunner RHSA-2010:0809-01
Check for the Version of xulrunner. OpenVAS Vulnerability Test: RedHat Update for xulrunner RHSA-2010:0809-01. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under t...
Mozilla Firefox NodeIterator Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the victim must visit a malicious page or open a malicious file. The specific flaw exists within the application'...
Internet Explorer COM Object Instantiation Memory Corruption (CVE-2006-4495)
Microsoft Internet Explorer allows HTML documents to embed ActiveX controls for the authoring of dynamic web content. ActiveX controls are based on Component Object Model (COM) technology. The invocation of an ActiveX control is performed by Internet Explorer by internally instantiating an object. ...
Internet Explorer DirectAnimation COM Object Memory Corruption (MS06-042; CVE-2006-3638)
Microsoft Internet Explorer allows HTML documents to embed ActiveX controls for the authoring of dynamic web content. ActiveX controls are based on Component Object Model (COM) technology. The invocation of an ActiveX control is performed by Internet Explorer by internally instantiating a COM objec...
Mozilla Browser engine crashes
The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and...
Cisco ASA Adaptive Security Appliance Clientless SSL VPN DOM Cross-Site Scripting Vulnerability
Cisco ASA Adaptive Security Appliance Software versions prior to 8.0.434, 8.1.225, and 8.2.13 that are configured to accept Clientless SSL VPN connections are affected by a cross-site scripting vulnerability. Versions 7.x are not affected. The vulnerability is due to insufficient restrictions on...
Representation of DOM attribute values could allow cross-site scripting – Opera Security Advisories
OPCOM Team | December 16, 2008. Severity: Moderately Severe. Problem Description: When XML is imported into a document, its attribute values are not correctly presented to the DOM. This can allow their...
Firefox arbitrary file disclosure
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range...
CVE-2007-6705
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly...
CVE-2007-5344
CVE-2007-5344 affects Microsoft Internet Explorer 5.01–7 via mshtml.dll, where the CRecalcProperty/setExpression sequence enables remote arbitrary code execution through heap corruption of uninitialized/removed objects. Public sources in connected docs confirm a memory-corruption chain tied to se...
Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption (MS07-045; CVE-2007-3041)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer (IE) ActiveX control pdwizard.ocx. ActiveX controls are reusable software components based on Microsoft Component Object Model (COM). To trigger the vulnerability, an attacker can create a malicious web page that...
security flaw
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, which triggers memory corruption due to the lack of a finalize hook on DOM window objects...
Internet Explorer Javaprxy.dll heap overflow
Added: 06/05/2006. CVE: CVE-2005-2087. BID: 14087. OSVDB: 17680. Background: Windows operating systems use the Component Object Model (COM) to allow various program components to be run within different applications. One such object, the JView Profiler (Javaprxy.dll), is a debugger interface for Microsoft...
security flaw
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 do not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2)...
VulnCheck KEV: CVE-2005-1790
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects...
security flaw
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface...
Mozilla Suite And Firefox - DOM Property Overrides Code Execution
source: https://www.securityfocus.com/bid/13645/info Mozilla Suite and Mozilla Firefox are affected by a code-execution vulnerability. This issue is due to a failure in the application to properly verify Document Object Model (DOM) property values. An attacker may leverage this issue to execute...