Mozilla Firefox Flash Privileged Code Injection (CVE-2013-0757; CVE-2013-0758)

A Privileged Code Injection vulnerability has been reported in Mozilla Firefox. The vulnerability is due to a design flaw which allows to open a privileged chrome web page through plugin objects. Successful exploitation could allow an attacker to execute arbitrary code...

Firefox 17.0.1 Flash Privileged Code Injection

This exploit gains remote code execution on Firefox 17 and 17.0.1, provided the user has installed Flash. No memory corruption is used. First, a Flash object is cloned into the anonymous content of the SVG "use" element in the This module requires Metasploit: https://metasploit.com/download Curre...

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 20...

Java environment limitations bypass

There are few ways to bypass limitations and execute privileged code from the applet...

FreeBSD : mozilla -- multiple vulnerabilities (2b8cad90-f289-11e1-a215-14dae9ebcf89)

The Mozilla Project reports : MFSA 2012-57 Miscellaneous memory safety hazards rv:15.0/ rv:10.0.7 MFSA 2012-58 Use-after-free issues found using Address Sanitizer MFSA 2012-59 Location object can be shadowed using Object.defineProperty MFSA 2012-60 Escalation of privilege through about:newtab MFS...

Mozilla: Web console eval capable of executing chrome-privileged code (MFSA 2012-72)

The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and...

OpenJDK: RMI registry privileged code execution (RMI, 7083012)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.233 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to...

OpenJDK: RMI registry privileged code execution (RMI, 7083012)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.233 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to...

OpenJDK: RMI registry privileged code execution (RMI, 7083012)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.233 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to...

SJOW creates scope chains ending in outer object — Mozilla

Mozilla developer Blake Kaplan reported that the wrapper class XPCSafeJSObjectWrapper SJOW, a security wrapper that allows content-defined objects to be safely accessed by privileged code, creates scope chains ending in outer objects. Users of SJOWs which expect the scope chain to end on an inner...

Core Security Technologies Advisory 2010.0623

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Microsoft Windows CreateWindow function callback vulnerability 1. Advisory Information Title: Microsoft Windows CreateWindow function callback vulnerability Advisory Id:...

WizzRSS Firefox Extension - Privileged Code Injection

, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. WizzRSS Firefox Extension Code Injection Vulnerability Versions affected: WizzRSS Reader 3.1.0.0 WizzRSS Reader Lite 3.0.0.9b +-----------+ |Description| +-----------+ The WizzRSS...

HP-UX Update for Mozilla remote HPSBUX01133

Check for the Version of Mozilla remote OpenVAS Vulnerability Test HP-UX Update for Mozilla remote HPSBUX01133 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

HP-UX Update for HP-UX Pkg HPSBUX01230

Check for the Version of HP-UX Pkg OpenVAS Vulnerability Test HP-UX Update for HP-UX Pkg HPSBUX01230 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

HP-UX Update for Mozilla remote HPSBUX01133

Check for the Version of Mozilla remote OpenVAS Vulnerability Test HP-UX Update for Mozilla remote HPSBUX01133 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CentOS Update for libxslt CESA-2008:0287 centos3 x86_64

Check for the Version of libxslt OpenVAS Vulnerability Test CentOS Update for libxslt CESA-2008:0287 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Apple Mac OSX 10.4.7 - Mach Exception Handling Local (10.3.x)

/ excploit.c - 28 Nov 2005 - [email protected] Exploitable Mach Exception Handling Affected: Mac OS X 10.4.6 darwin 8.6.0 and older When a process executes a setuid executable, all existing rights to the task port are invalidated, to make sure unauthorized processes do not retain control o...

security flaw

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is use...

Cross site scripting

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is use...

CVE-2006-2784

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is use...