836 matches found
Design/Logic Flaw
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application...
CVE-2012-5624
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application...
CVE-2012-5624
CVE-2012-5624 affects Qt 4.x where the XMLHttpRequest implementation could be redirected from http to the file: URL scheme, enabling a man‑in‑the‑middle attacker to trigger reads of local files in a QML application. The root cause is improper handling of redirects in XMLHttpRequest, allowing acce...
CVE-2012-5624
Removed by vendor...
CORS requests can omit the preflight request
Cross-Origin Resource Sharing CORS requests are required to send a preflight request if custom headers are included, to check that the host wishes to allow the full request to be made. An example of where this may be needed is for sites that use a custom header with a static value as part of thei...
security update to Firefox 17.0 and other Mozilla based packages (important)
update to Firefox/Thunderbird 17.0 and Seamonkey 2.14 bnc790140 MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards MFSA 2012-92/CVE-2012-4202 bmo758200 Buffer overflow while rendering GIF images MFSA 2012-93/CVE-2012-4201 bmo747607 evalInSanbox location context incorrect...
Fedora 17 : qt-4.8.4-1.fc17 (2012-19759)
New bugfix release, see also: http://blog.qt.digia.com/blog/2012/11/29/qt-4-8-4-released/ This release also includes a security fix for: QML XmlHttpRequest Insecure Redirection http://lists.qt-project.org/pipermail/announce/2012-November/000014.ht ml Note that Tenable Network Security has extract...
Fedora 18 : qt-4.8.4-1.fc18 (2012-19673)
New bugfix release, see also: http://blog.qt.digia.com/blog/2012/11/29/qt-4-8-4-released/ This release also includes a security fix for: QML XmlHttpRequest Insecure Redirection http://lists.qt-project.org/pipermail/announce/2012-November/000014.ht ml Note that Tenable Network Security has extract...
CVE-2012-5624
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application...
SeaMonkey 2.x < 2.14 Multiple Vulnerabilities
Binary data 6626.prm...
Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 (Windows)
This host is installed with Mozilla Seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaseamonkeymultvuln02nov12win.nasl 5999 2017-04-21 09:02:32Z teissa $ Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 Windows Authors: Arun Kallavi Copyright:...
Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 (Mac OS X)
This host is installed with Mozilla Seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaseamonkeymultvuln02nov12macosx.nasl 6074 2017-05-05 09:03:14Z teissa $ Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 Mac OS X Authors: Arun Kallavi Copyright...
Mozilla Firefox Multiple Vulnerabilities-02 (Nov 2012) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Firefox Multiple Vulnerabilities-02 November12 (Mac OS X)
This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvuln02nov12macosx.nasl 5988 2017-04-20 09:02:29Z teissa $ Mozilla Firefox Multiple Vulnerabilities-02 November12 Mac OS X Authors: Rachana Shetty Copyright:...
Mozilla Thunderbird Multiple Vulnerabilities-02 November12 (Windows)
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdmultvuln02nov12win.nasl 6022 2017-04-25 12:51:04Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities-02 November12 Windows Authors: Arun Kallavi...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1636-1)
Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript...
CVE-2012-4205
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery CSRF attacks or obtain sensitive...
Cross site request forgery (csrf)
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery CSRF attacks or obtain sensitive...
CVE-2012-4205
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery CSRF attacks or obtain sensitive...
CVE-2012-4205
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery CSRF attacks or obtain sensitive...