Opera Web浏览器9.26修复多个安全漏洞

BUGTRAQ ID: 27901 Opera是一款流行的WEB浏览器，支持多种平台。 Opera Web浏览器的9.26之前版本中存在多个安全漏洞，可能允许恶意用户执行跨站脚本攻击、泄露敏感信息或绕过某些安全限制。 1 当用户键入文件输入时，脚本可能导致忽略一些键盘动作。如果脚本能够诱骗用户相信正在键入正常的文件输入，而不让用户看到已经忽略了键盘动作，就可能导致输入指向计算机上的文件路径，然后在未经用户交互的情况下上传文件。 2 图形属性中可能包含有自定义标注。在显示图形属性时，Opera可能将这些标注处理为脚本，导致在错误的安全环境中运行脚本。 3...

GLSA-200612-06 : Mozilla Thunderbird: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200612-06 Mozilla Thunderbird: Multiple vulnerabilities It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is...

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla Project. Description It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is disabled in...

Code injection

The signature verification functionality in the YaST Online Update YOU script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used...