31 matches found
Arbitrary Script Injection
Overview Affected versions of this package are vulnerable to Arbitrary Script Injection. Attributes were not protected via $sce, which prevents interpolated values that fail the RESOURCEURL context tests from being used in interpolation. For example if the application is running at...
Mozilla Firefox < 37.0 Multiple Vulnerabilities
Binary data 8742.prm...
thunderbird: multiple issues
CVE-2015-0801 same-origin bypass: Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...
resource:// documents can load privileged pages — Mozilla
Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, that documents loaded though a resource: URL, such as Mozilla's PDF.js PDF file viewer, were able to subsequently load privileged chrome pages. The privilege restrictions on resource: URLs was handled...
Protection Bypass
Overview Affected versions of this package are vulnerable to Protection Bypass via ng-attr-action and ng-attr-srcdoc allowing binding to Javascript. The fix was to require bindings to formaction to be $sce.RESOURCEURL and bindings to iframesrcdoc to be $sce.HTML Remediation Upgrade angularjs to...
CVE-2011-0071
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL...
Directory traversal
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL...
CVE-2011-0071
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL...
CVE-2011-0071
CVE-2011-0071 is a directory traversal vulnerability affecting Mozilla Firefox prior to 3.5.19, and Firefox 3.6.x prior to 3.6.17, Thunderbird prior to 3.1.10, and SeaMonkey prior to 2.0.14 on Windows. The issue allows remote attackers to determine the existence of arbitrary files, and potentiall...
CVE-2011-0071
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL...
Firefox information leak
It's possible to check file existance with resource:// URL...