SuSE9 Security Update : epiphany (YOU Patch Number 12519)
This update brings the Mozilla SeaMonkey Suite packages to the current stable release 1.1.17. Due to the major version update some incompatibilities might appear. It fixes all currently published security issues, including but not limited to : - Same-origin violations when Adobe Flash loaded via...
Random number generator and input name linebreaks can be used to send custom data to other sites
Input names can contain line breaks when data is sent using POST. Suitable use of the random number generator can reveal predictable boundaries that will be used when sending the POST data. These can be combined to add extra boundaries into the data, containing payloads that may confuse the...
Random number generator and input name linebreaks can be used to send custom data to other sites – Opera Security Advisories
Random number generator and input name linebreaks can be used to send custom data to other sites – Opera Security Advisories. OPCOM Team | June 10, 2009. Severity: Moderately severe. Problem description: Input names can contain line breaks when data is sent using POST. Suitable use of the random numbe...
[SECURITY] [DSA 1797-1] New xulrunner packages fix several vulnerabilities
Debian Security Advisory DSA-1797-1 http://www.debian.org/security/ Moritz Muehlenhoff May 09, 2009 http://www.debian.org/security/faq -...
RedHat Security Advisory RHSA-2009:0436
The remote host is missing updates announced in advisory RHSA-2009:0436. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content...
Mozilla Foundation Security Advisory 2009-21
Mozilla Foundation Security Advisory 2009-21 Title: POST data sent to wrong site when saving web page with embedded frame Impact: Low Announced: April 21, 2009 Reporter: Paolo Amadini Products: Firefox, SeaMonkey Fixed in: Firefox 3.0.9 SeaMonkey 1.1.17 Description Developer and Mozilla community...
Code injection
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame...
CVE-2009-1311
CVE-2009-1311 affects Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17. A web page with an embedded frame can cause POST data from the outer page to be sent to the inner frame’s URL during SAVEMODE_FILEONLY saves, exposing sensitive information. The MiracleLinux/Tenable entry confirms thi...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime...
Firefox POST data sent to wrong site when saving web page with embedded frame
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame...
RHEL 4 / 5 : firefox (RHSA-2009:0436)
The remote Red Hat Enterprise Linux 4 / 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:0436 advisory. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were...
FreeBSD : mozilla -- multiple vulnerabilities (3b18e237-2f15-11de-9672-0030843d3802)
Mozilla Foundation reports: MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs; MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame; MFSA 2009-20: Malicious search plugins can inject code into arbitrary sites; MFSA 2009-19: Same-origin...
POST data sent to wrong site when saving web page with embedded frame — Mozilla
Developer and Mozilla community member Paolo Amadini reported that when saving the inner frame of a web page as a file when the outer page has POST data associated with it, the POST data will be incorrectly sent to the URL of the inner frame. This could potentially result in a user's sensitive da...
flashchat severe bug
File: connection.php if( ChatServer::userInRole($this->userid, ROLE_ADMIN) || ChatServer::userInRole($this->userid, ROLE_MODERATOR) || $req['s'] == 7 ) <-- bypass line. This piece of code allows a normal user to bypass role filtering and to be granted admin role as a normal user. To exploit the vulnerability...
CVE-2008-1245
cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header...
Moderate: Red Hat Security Advisory: elinks security update
An updated ELinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ELinks is a text mode Web browser used from the command line that supports...
elinks reveals POST data to HTTPS proxy
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...
DEBIAN-CVE-2007-5034
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...
DEBIAN-CVE-2007-4174
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...
CVE-2007-4174
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...