233 matches found
CVE-2015-0798
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origi...
CVE-2015-0798
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origi...
KLA10531 Security bypass vulnerabilities in Mozilla Firefox
Multiple serious vulnerabilities have been found in Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions. Below is a complete list of vulnerabilities 1. Lack of privileges restrictions can be exploited remotely via vectors related to reader mode. Firefox for...
FreeBSD : mozilla -- multiple vulnerabilities (b8321d76-24e7-4b72-a01d-d12c4445d826)
The Mozilla Project reports : MFSA 2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header MFSA 2015-43 Loading privileged content through Reader mode %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header MFSA 2015-43 Loading privileged content through Reader mode...
Loading privileged content through Reader mode — Mozilla
Security researcher Armin Ebert reported a flaw in Reader mode on Firefox for Android. Reader mode reformats web content for easy readability and operates as unprivileged content that is the equivalent of the formatted content. When Reader mode is unable to process content, it displays the origin...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8327)
MozillaFirefox was updated to the 10.0.9ESR security release which fixes bugs and security issues : - Security researchers Thai Duong and Juliano Rizzo reported that SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session...
Mozilla Firefox 16 Reader Mode 跨站脚本执行漏洞 (CVE-2012-3987)
BUGTRAQ ID: 55856 CVE ID: CVE-2012-3987 Firefox是一款非常流行的开源WEB浏览器。SeaMonkey是开源的Web浏览器、邮件和新闻组客户端、IRC会话客户端和HTML编辑器。 Mozilla Firefox 16存在安全漏洞,当一个页面转变到Reader Mode时,结果页面会具有chrome权限,其内容也未被完全过滤。这可导致跨脚本执行攻击,以获取Android设备上的Firefox权限。 0 Mozilla Firefox 16 厂商补丁: Mozilla -------...
FreeBSD : mozilla -- multiple vulnerabilities (6e5a9afd-12d3-11e2-b47d-c8600054b392)
The Mozilla Project reports : MFSA 2012-74 Miscellaneous memory safety hazards rv:16.0/ rv:10.0.8 MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security check...
CVE-2012-3987
Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site...
Design/Logic Flaw
Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-74 Miscellaneous memory safety hazards rv:16.0/ rv:10.0.8 MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security checks...
Reader Mode pages have chrome privileges — Mozilla
Security researcher Warren He reported that when a page is transitioned into Reader Mode in Firefox for Android, the resulting page has chrome privileges and its content is not thoroughly sanitized. A successful attack requires user enabling of reader mode for a malicious page, which could then...