295 matches found
IBM BladeCenter Advanced Management Module Multiple vulnerabilities
Louhi Networks Information Security Research Security Advisory Advisory: IBM BladeCenter Advanced Management Module Multiple vulnerabilities XSS type 2 & 1, CSRF, Information Disclosure Release Date: 2009-04-09 Last Modified: 2009-04-09 Authors: Henri Lindberg [email protected], CISA Device...
PT-2008-6571 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 2.0.0.19 Description: A issue in Mozilla Firefox allows remote attackers to run arbitrary JavaScript with chrome privileges. This is related to vectors involving the feed preview. Recommendations: For version...
JSON Hijacking of use as well as Web API security-vulnerability warning-the black bar safety net
by:cosine JSON Hijacking what role, as a black brother said, You can CSRF to give the user privacy data: a. The principle of the last presentation, first take a attack example, take the meal to do an experiment. First of all, we see this:http://help.fanfou.com/api.html. Rice no API. Wherein:...
security flaw
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client...
security flaw
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an 1 img, 2 link, or 3 style tag, which...
security flaw
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing...
PT-2006-5354 · Mozilla · Firefox
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox version 1.5.0.6 Description: The issue allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server. This can be achieved by hosting a script on an...
security flaw
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...
security flaw
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by 1 "using a modal alert to suspend an event handler while a new page is being loaded", 2 using eval, and using...
DEBIAN-CVE-2006-1741
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by 1 "using a modal alert to suspend an event handler while a new page is being loaded", 2 using eval, and using...
security flaw
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...
security flaw
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by...
security flaw
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the search target of the Firefox sidebar...
CVE-2004-1712
Cross-site scripting XSS vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter...
CVE-2002-0474
Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag...