openSUSE 10 Security Update : seamonkey (seamonkey-6310)

The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 bmo460090,485217 Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with...

Microsoft Windows Search脚本注入漏洞(MS09-023)

BUGTRAQ ID: 35220 CVECAN ID: CVE-2009-0239 Windows Search允许即时搜索大多数公共文件和数据类型，例如电子邮件、联系人、日历约会、文档、照片、多媒体和由第三方扩展的其他格式。 Windows Search通过嵌入式的浏览器向用户预览搜索结果。为了支持非HTML/XML文件，Windows Search会将这类文件转换为HTML，但转换器在转义字符的时候没有执行任何过滤便将文件加载到了内嵌的浏览器中。根据嵌入式浏览器的安全设置，上述本地HTML文件无需用户同意便拥有部分JavaScript执行权限。...

ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability

ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-037 June 10, 2009 -- CVE ID: CVE-2009-1528 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer -- Vulnerability Details:...

CVE-2009-1528

Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent,...

Memory corruption

Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent,...

CVE-2009-1697

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting XSS attacks...

CVE-2009-1697

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting XSS attacks...

CVE-2009-1697

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting XSS attacks...

CVE-2009-1697

CVE-2009-1697 is a CRLF injection vulnerability in WebKit that can allow remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting exploits using XMLHttpRequest without a Host header. Affected products include Apple Safa...

Mozilla Foundation Security Advisory 2009-19

Mozilla Foundation Security Advisory 2009-19 Title: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString Impact: High Announced: April 21, 2009 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Mozilla security researcher mozbugra4...

Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-690-1)

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2008-5500, CVE-2008-5501, CVE-2008-5502 It was discovered that Firefox did not properly handle persistent cookie data. If ...

Ubuntu 7.10 / 8.04 LTS / 8.10 : thunderbird vulnerabilities (USN-701-1)

Several flaws were discovered in the browser engine. If a user had JavaScript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Thunderbird could be...

Cross site scripting

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

CVE-2009-1309

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

FreeBSD : mozilla -- multiple vulnerabilities (3b18e237-2f15-11de-9672-0030843d3802)

Mozilla Foundation reports : MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame MFSA 2009-20: Malicious search plugins can inject code into arbitrary sites MFSA 2009-19: Same-origin...

CVE-2009-1309

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString — Mozilla

Mozilla security researcher mozbugra4 reported that it is possible to create a document whose URI does not match the document's principal using XMLHttpRequest. This type of mismatch leads to incorrect results in principal-based security checks. An attacker could use this vulnerability to execute...

Ubuntu: Security Advisory (USN-690-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...