Lucene search

845 matches found

NVD
added 2009/02/04 7:30 p.m., 21 views

CVE-2009-0357

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS: 5, AI score: 6, EPSS: 0.0108
Exploits: 0, References: 27

Prion
added 2009/02/04 7:30 p.m., 19 views

Design/Logic Flaw

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via...

CVSS: 5, AI score: 6.3, EPSS: 0.62579
Exploits: 2, References: 2

Cvelist
added 2009/02/04 7:00 p.m., 23 views

CVE-2009-0419

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via...

AI score: 6, EPSS: 0.29847
Exploits: 2, References: 2

CVE
added 2009/02/04 7:00 p.m., 127 views

CVE-2009-0357

CVE-2009-0357 affects Mozilla Firefox (before 3.0.6) and SeaMonkey (before 1.1.15). The vulnerability stems from not properly restricting access from web pages to the Set-Cookie/Set-Cookie2 HTTP response headers, allowing an attacker to read cookie data via XMLHttpRequest calls and potentially ex...

CVSS: 5, AI score: 9.1, EPSS: 0.0108
Exploits: 0, References: 27, Affected Software: 2

Tenable Nessus
added 2009/02/04 12:00 a.m., 28 views

Firefox 3.0.x < 3.0.6 Multiple Vulnerabilities

The installed version of Firefox 3.0.x is earlier than 3.0.6. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. MFSA 2009-01 - A chrome XBL method can be...

CVSS: 10, AI score: 8.3, EPSS: 0.08533
Exploits: 1, References: 13

UbuntuCve
added 2009/02/04 12:00 a.m., 32 views

CVE-2009-0357

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS: 5, AI score: 7.2, EPSS: 0.0108
Exploits: 0, References: 4

FreeBSD
added 2009/02/04 12:00 a.m., 40 views

firefox -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2009-06: Directives to not cache pages ignored MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies MFSA 2009-04: Chrome privilege escalation via local .desktop files MFSA 2009-03: Local file stealing with SessionStore MFSA 2009-02: XSS using a chrome XBL...

CVSS: 10, AI score: 1.9, EPSS: 0.08533
Exploits: 1, References: 7

NVD
added 2009/02/03 7:30 p.m., 21 views

CVE-2009-0411

Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script...

CVSS: 5, AI score: 5.9, EPSS: 0.00377
Exploits: 0, References: 5

Cvelist
added 2009/02/03 7:00 p.m., 25 views

CVE-2009-0411

Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script...

AI score: 5.9, EPSS: 0.00377
Exploits: 0, References: 5

Mozilla
added 2009/02/03 12:00 a.m., 39 views

XMLHttpRequest allows reading HTTPOnly cookies — Mozilla

Developer and Mozilla community member Wladimir Palant reported that cookies marked HTTPOnly were readable by JavaScript via the XMLHttpRequest.getResponseHeader and XMLHttpRequest.getAllResponseHeaders APIs. This vulnerability bypasses the security mechanism provided by the HTTPOnly flag which...

CVSS: 5, AI score: 1.5, EPSS: 0.0108
Exploits: 0, References: 2, Affected Software: 2

OpenVAS
added 2009/02/02 12:00 a.m., 27 views

Debian: Security Advisory (DSA-1704-1)

The remote host is missing an update for the Debian...

CVSS: 10, AI score: 9.8, EPSS: 0.06165
Exploits: 1, References: 3

Tenable Nessus
added 2009/01/31 12:00 a.m., 33 views

Google Chrome < 1.0.154.46 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 1.0.154.46. Such versions are reportedly affected by several issues : - Cross-site scripting vulnerabilities in the Adobe Reader Plugin itself could be leveraged using a PDF document to run scripts on arbitrary sites via...

CVSS: 5, AI score: 5.9, EPSS: 0.58957
Exploits: 3, References: 5

Tenable Nessus
added 2009/01/16 12:00 a.m., 249 views

Debian DSA-1707-1 : iceweasel - several vulnerabilities

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS...

CVSS: 10, AI score: 8.4, EPSS: 0.06165
Exploits: 1, References: 21

Tenable Nessus
added 2009/01/15 12:00 a.m., 43 views

Debian DSA-1704-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that mig...

CVSS: 10, AI score: 8, EPSS: 0.06165
Exploits: 0, References: 15

Debian
added 2009/01/14 8:28 p.m., 40 views

[SECURITY] [DSA 1704-1] New xulrunner packages fix several vulnerabilities

Debian Security Advisory DSA-1704 [email protected] http://www.debian.org/security/ Steffen Joeris January 14, 2009 http://www.debian.org/security/faq -...

CVSS: 10, AI score: 7.5, EPSS: 0.06165
Exploits: 0

OSV
added 2009/01/14 12:00 a.m., 50 views

DSA-1704-1 xulrunner - several vulnerabilities

Bulletin has no description...

CVSS: 10, AI score: 9.8, EPSS: 0.06165
Exploits: 1

OpenVAS
added 2009/01/13 12:00 a.m., 27 views

Ubuntu USN-701-2 (mozilla-thunderbird)

The remote host is missing an update to mozilla-thunderbird announced via advisory USN-701-2. Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges...

CVSS: 10, AI score: 0.4, EPSS: 0.06165
Exploits: 0, References: 1

seebug.org
added 2009/01/09 12:00 a.m., 18 views

IE Print Table of Links Cross-Zone Scripting

No description provided by source. html body Click Options, select "Print table of links", then click Print a href=”http://www.bl.com?zzz=dsasad script defer var ForWriting = 2; var strFile = ‘c:\test2.js’; var objFSO = new ActiveXObject’Scripting.FileSystemObject’; var objStream = objFSO.OpenTextFilestrFile,ForWriting,true,false;...

AI score: 7.1
Exploits: 0

Ubuntu
added 2009/01/06 11:31 p.m., 79 views

USN-701-2: Thunderbird vulnerabilities

Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Thunderbird could be...

CVSS: 10, AI score: 8.6, EPSS: 0.06165
Exploits: 0

Ubuntu
added 2009/01/06 11:17 p.m., 72 views

USN-701-1: Thunderbird vulnerabilities

Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Thunderbird could be...

CVSS: 10, AI score: 8.6, EPSS: 0.06165
Exploits: 0