Lucene search
+L

233 matches found

NVD
NVD
added 2015/04/08 10:59 a.m.26 views

CVE-2015-0798

The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origi...

5CVSS7.2AI score0.02235EPSS
Exploits0References5
Cvelist
Cvelist
added 2015/04/08 10:0 a.m.33 views

CVE-2015-0798

The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origi...

9.5AI score0.02235EPSS
Exploits0References5
Kaspersky
Kaspersky
added 2015/04/06 12:0 a.m.78 views

KLA10531 Security bypass vulnerabilities in Mozilla Firefox

Multiple serious vulnerabilities have been found in Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions. Below is a complete list of vulnerabilities 1. Lack of privileges restrictions can be exploited remotely via vectors related to reader mode. Firefox for...

5CVSS9.3AI score0.02235EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/04/06 12:0 a.m.41 views

FreeBSD : mozilla -- multiple vulnerabilities (b8321d76-24e7-4b72-a01d-d12c4445d826)

The Mozilla Project reports : MFSA 2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header MFSA 2015-43 Loading privileged content through Reader mode %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

5CVSS8.4AI score0.02235EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2015/04/03 12:0 a.m.35 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header MFSA 2015-43 Loading privileged content through Reader mode...

9.2AI score
Exploits0References3
Mozilla
Mozilla
added 2015/04/03 12:0 a.m.41 views

Loading privileged content through Reader mode — Mozilla

Security researcher Armin Ebert reported a flaw in Reader mode on Firefox for Android. Reader mode reformats web content for easy readability and operates as unprivileged content that is the equivalent of the formatted content. When Reader mode is unable to process content, it displays the origin...

5CVSS9.3AI score0.02235EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/10/17 12:0 a.m.257 views

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8327)

MozillaFirefox was updated to the 10.0.9ESR security release which fixes bugs and security issues : - Security researchers Thai Duong and Juliano Rizzo reported that SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session...

10CVSS8.2AI score0.42609EPSS
Exploits10References70
seebug.org
seebug.org
added 2012/10/14 12:0 a.m.48 views

Mozilla Firefox 16 Reader Mode 跨站脚本执行漏洞 (CVE-2012-3987)

BUGTRAQ ID: 55856 CVE ID: CVE-2012-3987 Firefox是一款非常流行的开源WEB浏览器。SeaMonkey是开源的Web浏览器、邮件和新闻组客户端、IRC会话客户端和HTML编辑器。 Mozilla Firefox 16存在安全漏洞,当一个页面转变到Reader Mode时,结果页面会具有chrome权限,其内容也未被完全过滤。这可导致跨脚本执行攻击,以获取Android设备上的Firefox权限。 0 Mozilla Firefox 16 厂商补丁: Mozilla -------...

4CVSS6.4AI score0.01451EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2012/10/11 12:0 a.m.21 views

FreeBSD : mozilla -- multiple vulnerabilities (6e5a9afd-12d3-11e2-b47d-c8600054b392)

The Mozilla Project reports : MFSA 2012-74 Miscellaneous memory safety hazards rv:16.0/ rv:10.0.8 MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security check...

10CVSS8.7AI score0.42609EPSS
Exploits9References45
NVD
NVD
added 2012/10/10 5:55 p.m.16 views

CVE-2012-3987

Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site...

4CVSS6.2AI score0.01451EPSS
Exploits1References5
Prion
Prion
added 2012/10/10 5:55 p.m.16 views

Design/Logic Flaw

Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site...

4CVSS6.9AI score0.01451EPSS
Exploits1References5Affected Software1
FreeBSD
FreeBSD
added 2012/10/09 12:0 a.m.55 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-74 Miscellaneous memory safety hazards rv:16.0/ rv:10.0.8 MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security checks...

10CVSS10.2AI score0.42609EPSS
Exploits9References17
Mozilla
Mozilla
added 2012/10/09 12:0 a.m.31 views

Reader Mode pages have chrome privileges — Mozilla

Security researcher Warren He reported that when a page is transitioned into Reader Mode in Firefox for Android, the resulting page has chrome privileges and its content is not thoroughly sanitized. A successful attack requires user enabling of reader mode for a malicious page, which could then...

4CVSS5.6AI score0.01451EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder