OpenJDK: JDBC driver manager improper toString calls (CanSecWest 2013, Libraries, 8009814)

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James...

CVE-2013-1488

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James...

CVE-2013-1488

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James...

CVE-2013-1488

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James...

CVE-2013-0748

The XBL.proto.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR...

Mozilla: Address space layout leaked in XBL objects (MFSA 2013-11)

The XBL.proto.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR...

Mozilla: Address space layout leaked in XBL objects (MFSA 2013-11)

The XBL.proto.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR...

Магические методы, сериализация, инъекции в сессию и все-все-все

==-1== Введение Изначально писал для себя, как небольшой сборник полезных идей, в итоге вылилось вот в такую статью. Особого опыта в написании публикаций у меня нет, так что ногами не пинать, я старался Перед переходом к практическим примерам рассмотрим теоретически основы используемых функций...

Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

CVE-2005-0141

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab...

security flaw

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab...

Sandbox `__toString()` policy bypass via dynamic mapping keys

More info at https://symfony.com/blog/cve-2026-48806-sandbox-tostring-policy-bypass-via-dynamic-mapping-keys...

Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points

More info at https://symfony.com/cve-2026-47732...