836 matches found
CVE-2015-0828
Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an...
CVE-2015-0828
CVE-2015-0828 is a double free in Mozilla Firefox's nsXMLHttpRequest::GetResponse when a nonstandard memory allocator is used, allowing remote code execution or heap corruption via a crafted 0-byte XMLHttpRequest. Affected versions are Firefox prior to 36.0; remediation per conn...
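eYou Mail System Stored XSS in Email Body 2 (with proof of eYou XSS impact)
Brief description: A new trick, affects Chrome. While testing this XSS I found a very serious HttpOnly cookie leak, which allows the email-body XSS to obtain all of the user's cookies and thereby log in. Detailed description: A new trick, affects Chrome. While testing this XSS I found a very serious HttpOnly cookie leak, which allows the email-body XSS to obtain all of the user's cookies and thereby log in. PoC included. (There are several reports on wooyun about eYou email-body XSS, and your responses were all "a solution already exists" or "the issue is known, thanks for the report". However, I tested the mail systems of several universities and none of them had been fixed; it feels like you are kidding me.....) Proof of vulnerability:...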
openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:1654-1)
This MozillaThunderbird update fixes several security and non-security issues. Changes in MozillaThunderbird: - update to Thunderbird 31.3.0 (bnc#908009) - MFSA 2014-83/CVE-2014-1587 Miscellaneous memory safety hazards - MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest crashes with some input...
openSUSE Security Update : seamonkey (openSUSE-SU-2014:1656-1)
seamonkey was updated to version 2.31 to fix eight security issues. These security issues were fixed: - Miscellaneous memory safety hazards (CVE-2014-1587, CVE-2014-1588). - XBL bindings accessible via improper CSS declarations (CVE-2014-1589). - XMLHttpRequest crashes with some input streams...
openSUSE Security Update : seamonkey (openSUSE-SU-2014:1655-1)
seamonkey was updated to version 2.31 to fix 20 security issues. These security issues were fixed: - Miscellaneous memory safety hazards (CVE-2014-1587, CVE-2014-1588). - XBL bindings accessible via improper CSS declarations (CVE-2014-1589). - XMLHttpRequest crashes with some input streams...
Mozilla Firefox Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox ESR Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
Mozilla Thunderbird Multiple Vulnerabilities-01 (Dec 2014) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
CVE-2014-1590
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object...
CVE-2014-1590
CVE-2014-1590 affects Mozilla Firefox (before 34.0), Firefox ESR (31.x before 31.3), Thunderbird (before 31.3), and SeaMonkey (before 2.31). The issue is a denial of service caused by an error when passing a crafted JavaScript object to XMLHttpRequest.prototype.send. Remediation is to upgrade to ...
FreeBSD : mozilla -- multiple vulnerabilities (7ae61870-9dd2-4884-a2f2-f19bb5784d09)
The Mozilla Project reports: ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data; MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory; MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer...
USN-2428-1 thunderbird vulnerabilities
Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service...
USN-2428-1: Thunderbird vulnerabilities
Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service...
Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object...