1619 matches found
CVE-2009-3010
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting ...
CVE-2009-3016
Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header that contains a javascript: URI, 2 entering a javascript: URI...
CVE-2009-3011
Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header that contains...
PT-2009-5350 · Mozilla · Firefox +1
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 3.0.13 and earlier Mozilla Firefox version 3.5 Mozilla Firefox version 3.6 a1 pre Mozilla Firefox version 3.7 a1 pre SeaMonkey version 1.1.17 Mozilla versions 1.7.x and earlier Description: The issue allows remote...
Snow Leopard Gets an Anti-Virus Scanner
Apple’s commercials may give the impression that Macs are virus-free but the company isn’t taking any chances with the newest Mac OS X refresh. Apple has quietly added a new Snow Leopard feature to scan software downloads for malware, a no-brainer move that coincides with a noticeable spike in...
Google Chrome Cross-Site Scripting Vulnerability - July09
This host has Google Chrome installed and is prone to Cross-Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: gbgooglechromexssvulnjul09.nasl 4869 2016-12-29 11:01:45Z teissa $ Google Chrome Cross-Site Scripting Vulnerability - July09 Authors: Sharath S Copyright: Copyright c 2009...
Microsoft Internet Explorer XSS Vulnerability - July09
The host is installed with Internet Explorer and is prone to Cross-Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: gbmsiexssvulnjul09.nasl 6527 2017-07-05 05:56:34Z cfischer $ Microsoft Internet Explorer XSS Vulnerability - July09 Authors: Nikita MR Copyright: Copyright c 2009...
Opera Web Browser 'Refresh' Header XSS Vulnerabilities (Linux)
The host is installed with Opera Web Browser and is prone to Cross-Site Scripting Vulnerability. OpenVAS Vulnerability Test $Id: gboperaxssvulnlin.nasl 4869 2016-12-29 11:01:45Z teissa $ Opera Web Browser 'Refresh' Header XSS Vulnerabilities Linux Authors: Antu Sanadi Copyright: Copyright c 2009...
Google Chrome Cross-Site Scripting Vulnerability (Jul 2009)
Google Chrome is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Opera Web Browser 'Refresh' Header XSS Vulnerabilities - Windows
Opera Web Browser is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Opera Web Browser 'Refresh' Header XSS Vulnerabilities - Linux
Opera Web Browser is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Internet Explorer XSS Vulnerability (Jul 2009)
Internet Explorer is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross site scripting
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header, a related issue to...
CVE-2009-2351
CVE-2009-1312 is referenced in MiracleLinux AXSA advisories as a vulnerability in Mozilla Firefox and SeaMonkey where javascript: URIs in Refresh headers in HTTP responses were not blocked. Affected versions include Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17; this could enable cross...
CVE-2009-2352
Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header, a related issue...
Google Chrome 0.3.154 - JavaScript: URI in Refresh Header Cross-Site Scripting
Google Chrome 0.3.154 - JavaScript: URI in Refresh Header Cross-Site Scripting source: https://www.securityfocus.com/bid/35572/info Google Chrome is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execu...
Cross site scripting
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header. NOTE...
CVE-2009-1312
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header. NOTE...
javascript: URIs
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header. NOTE...
Mozilla (Multiple Products) - Server Refresh Header Cross-Site Scripting
Mozilla Multiple Products - Server Refresh Header Cross-Site Scripting source: https://www.securityfocus.com/bid/34656/info The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey. Attackers can exploit these issue...