Mozilla Firefox Multiple Vulnerabilities (Jul 2008) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox/SeaMonkey/Thunderbird多个远程漏洞

BUGTRAQ ID: 31346 CVE ID: CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4063 CVE-2008-4064 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-3836 CVE-2008-3835 CVE-2008-0016 CNCVE ID：CNCVE-20083837 CNCVE-20084058...

Code injection

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...

CVE-2008-4058

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...

Mozilla privilege escalation via XPCnativeWrapper pollution

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...

CVE-2008-4058

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...

Code injection

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from 1 file: URIs, 2 data: URIs, or 3 certain non-canonical chrome: URIs, which allows remote attacker...

CVE-2008-2803

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from 1 file: URIs, 2 data: URIs, or 3 certain non-canonical chrome: URIs, which allows remote attacker...

CVE-2008-2803

CVE-2008-2803 affects Mozilla Firefox <= 2.0.0.14/2.0.0.15? and SeaMonkey

Mozilla Foundation Security Advisory 2008-25

Mozilla Foundation Security Advisory 2008-25 Title: Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript Impact: Critical Announced: July 1, 2008 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0 Firefox 2.0.0.15 SeaMonkey 1.1.10 Description Mozilla...

Firefox javascript arbitrary code execution

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from 1 file: URIs, 2 data: URIs, or 3 certain non-canonical chrome: URIs, which allows remote attacker...

Firefox javascript arbitrary code execution

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from 1 file: URIs, 2 data: URIs, or 3 certain non-canonical chrome: URIs, which allows remote attacker...

Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript() — Mozilla

Mozilla security researcher mozbugra4 reported that mozIJSSubScriptLoader.LoadScript only applied XPCNativeWrappers to scripts loaded from standard chrome: URIs. Add-ons using this feature to load scripts from other schemes such as file: or data: typically dynamically generated scripts and chrome...

Debian Security Advisory DSA 1401-1 (iceape)

The remote host is missing an update to iceape announced via advisory DSA 1401-1. OpenVAS Vulnerability Test $Id: deb14011.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1401-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities

Background Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey is a free, cross-platform Internet suite. Description Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the Javascript engine can be exploited to...

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-536-1)

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2007-5339, CVE-2007-5340 Flaws were discovered in the file upload form control. By tricking a user int...

Debian DSA-1392-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1095 Michal Zalewski discovered that the unload event handler had access to the address of...

USN-536-1: Thunderbird vulnerabilities

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2007-5339, CVE-2007-5340 Flaws were discovered in the file upload form control. By tricking a user int...

Mozilla Foundation Security Advisory 2007-35

Mozilla Foundation Security Advisory 2007-35 Title: XPCNativeWraper pollution using Script object Impact: Critical Announced: October 18, 2007 Reporter: mozbugra4 Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.8 SeaMonkey 1.1.5 Description Mozilla security researcher mozbugra4 reported that...

USN-535-1: Firefox vulnerabilities

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2007-5336, CVE-2007-5339, CVE-2007-5340 Michal Zalewski discovered that the onUnload event handlers we...