2 matches found
UBUNTU-CVE-2015-0812
Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdoma...
DEBIAN-CVE-2013-2201
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 uploads of media files, 2 editing of media files, 3 installation of plugins, 4 updates to plugins, 5 installation of themes, or 6 updat...