CVE-2005-2264

Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the search target, then injecting script into other pages via a data: URL...

FreeBSD : firefox -- arbitrary code execution in sidebar panel (1f2fdcff-ae60-11d9-a788-0001020eed82)

A Mozilla Foundation Security Advisory reports : Sites can use the search target to open links in the Firefox sidebar. Two missing security checks allow malicious scripts to first open a privileged page such as about:config and then inject script using a javascript : url. This could be used to...

FreeBSD : firefox -- arbitrary code execution from sidebar panel (741f8841-9c6b-11d9-9dbe-000a95bc6fae)

A Mozilla Foundation Security Advisory states : If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting JavaScript into it. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

Script injection from Firefox sidebar panel using data: — Mozilla

Sites can use the search target to open links in the Firefox sidebar. A missing security check allows the sidebar to inject data: urls containing scripts into any page open in the browser. This could be used to steal cookies, passwords or other sensitive data...

mfsa200539.txt

// FrSIRT Comment : If a user clicks on a link, this code will load "about:plugins" // into Firefox sidebar panel and will overwrite "browser.startup.homepage", // which will change the homepage to malicious.com Click Here First Next, Click Here...

CVE-2005-1158

Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the search target of the Firefox sidebar...

CVE-2005-0402

Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page...

CVE-2005-0402

Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page...

security flaw

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute...

security flaw

Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the search target of the Firefox sidebar...

Important: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Vladimir V. Perepelitsa discovered a bug in the way Firefox handles...

Arbitrary code execution from Firefox sidebar panel II — Mozilla

Sites can use the search target to open links in the Firefox sidebar. Two missing security checks allow malicious scripts to first open a privileged page such as about:config and then inject script using a javascript: url. This could be used to install malicious code or steal data without user...

firefox -- arbitrary code execution in sidebar panel

A Mozilla Foundation Security Advisory reports: Sites can use the search target to open links in the Firefox sidebar. Two missing security checks allow malicious scripts to first open a privileged page such as about:config and then inject script using a javascript: url. This could be used to...

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is the popular next-generation browser from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Firefox: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2...

GLSA-200503-31 : Mozilla Firefox: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200503-31 Mozilla Firefox: Multiple vulnerabilities The following vulnerabilities were found and fixed in Mozilla Firefox: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape...

security flaw

Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page...

firefox -- arbitrary code execution from sidebar panel

A Mozilla Foundation Security Advisory states: If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it...