Lucene search
K

31 matches found

Snyk
Snyk
added 2016/05/26 9:0 p.m.3 views

Arbitrary Script Injection

Overview Affected versions of this package are vulnerable to Arbitrary Script Injection. Attributes were not protected via $sce, which prevents interpolated values that fail the RESOURCEURL context tests from being used in interpolation. For example if the application is running at...

4.8CVSS7.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/04/29 12:0 a.m.26 views

Mozilla Firefox < 37.0 Multiple Vulnerabilities

Binary data 8742.prm...

7.5CVSS9.6AI score0.67465EPSS
Exploits4References27
ArchLinux
ArchLinux
added 2015/04/04 12:0 a.m.47 views

thunderbird: multiple issues

CVE-2015-0801 same-origin bypass: Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...

7.5CVSS0.8AI score0.67135EPSS
Exploits3References10
Mozilla
Mozilla
added 2015/03/31 12:0 a.m.67 views

resource:// documents can load privileged pages — Mozilla

Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, that documents loaded though a resource: URL, such as Mozilla's PDF.js PDF file viewer, were able to subsequently load privileged chrome pages. The privilege restrictions on resource: URLs was handled...

5CVSS9.1AI score0.67135EPSS
Exploits3References2Affected Software5
Snyk
Snyk
added 2013/11/12 10:0 p.m.4 views

Protection Bypass

Overview Affected versions of this package are vulnerable to Protection Bypass via ng-attr-action and ng-attr-srcdoc allowing binding to Javascript. The fix was to require bindings to formaction to be $sce.RESOURCEURL and bindings to iframesrcdoc to be $sce.HTML Remediation Upgrade angularjs to...

7.4CVSS7AI score
Exploits0References2
NVD
NVD
added 2011/05/07 6:55 p.m.19 views

CVE-2011-0071

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL...

5CVSS6.4AI score0.02795EPSS
Exploits1References9
Prion
Prion
added 2011/05/07 6:55 p.m.13 views

Directory traversal

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL...

5CVSS7AI score0.02795EPSS
Exploits1References9Affected Software3
Cvelist
Cvelist
added 2011/05/07 6:0 p.m.25 views

CVE-2011-0071

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL...

9.3AI score0.02795EPSS
Exploits1References9
CVE
CVE
added 2011/05/07 6:0 p.m.96 views

CVE-2011-0071

CVE-2011-0071 is a directory traversal vulnerability affecting Mozilla Firefox prior to 3.5.19, and Firefox 3.6.x prior to 3.6.17, Thunderbird prior to 3.1.10, and SeaMonkey prior to 2.0.14 on Windows. The issue allows remote attackers to determine the existence of arbitrary files, and potentiall...

5CVSS9.2AI score0.02795EPSS
Exploits1References9Affected Software1
UbuntuCve
UbuntuCve
added 2011/05/04 12:0 a.m.38 views

CVE-2011-0071

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL...

5CVSS5.9AI score0.02795EPSS
Exploits1References5
securityvulns
securityvulns
added 2007/05/31 12:0 a.m.27 views

Firefox information leak

It's possible to check file existance with resource:// URL...

1.2AI score
Exploits0References1Affected Software1
Rows per page
Query Builder