845 matches found
CVE-2005-2703
CVE-2005-2703 affects Firefox up to 1.0.7 and Mozilla Suite up to 1.7.12. The issue lets a remote attacker modify HTTP headers of XML HTTP requests made via XMLHttpRequest, potentially enabling attacks such as HTTP request smuggling or splitting. This is triggered by how XMLHttpRequests are handl...
security flaw
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...
security flaw
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...
Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes — Mozilla
Fixes for multiple vulnerabilities with an overall severity of "critical" have been released in Mozilla Firefox 1.0.7 and the Mozilla Suite 1.7.12 Heap overrun in XBM image processing Critical Crash on "zero-width non-joiner" sequence Critical XMLHttpRequest header spoofing Moderate Object spoofi...
firefox & mozilla -- multiple vulnerabilities
A Mozilla Foundation Security Advisory reports of multiple issues: Heap overrun in XBM image processing jackerror reports that an improperly terminated XBM image ending with space characters instead of the expected end tag can lead to a heap buffer overrun. This appears to be exploitable to insta...
CPaint 1.3 - xmlhttp Request Input Validation
source: https://www.securityfocus.com/bid/14577/info CPAINT is prone to an input validation vulnerability. This issue occurs because the application fails to properly sanitize malicious scripts and requests from user-supplied input. Successful exploitation of this vulnerability could lead to a...
Opera 8 multiple security vulnerabilities
Crossite scripting on message generation if automatic redirection is disabled. javascript: crossite scripting. XMLHttpRequest object crossite access. Download dialog spoofing. Crossite scripting on image dragging...
SUSE-SA:2005:034: opera
The remote host is missing the patch for the advisory SUSE-SA:2005:034 opera. The web browser Opera has been updated to version 8.01 to fix various security-related bugs. Fixed XMLHttpRequest redirect vulnerability reported in Secunia Advisory 15008. Fixed cross-site scripting vulnerability...
XMLHttpRequest Object security bypass in Opera Web Browser
Overview The Opera Web Browser fails to properly enforce security restrictions on the XMLHttpRequest Object. This may allow a remote, unauthenticated attacker to insert content from potentially malicious web sites. Description The XMLHttpRequest Object is a scripting object that provides routines...
CVE-2005-1475
The CVE-2005-1475 issue affects Opera 8.0 Final Build 1095 where the XMLHttpRequest object could bypass same-origin restrictions due to insufficient validation of server-side redirects, allowing a remote attacker to access resources on other domains and perform actions with the user’s privileges....
CVE-2005-1475
The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect...
CVE-2005-1475
The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect...
[SA15008] Opera XMLHttpRequest Security Bypass
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
opera -- XMLHttpRequest security bypass
A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to steal content or to perform actions on other web sites with the privileges of the user. Normally, it should not be possible for the XMLHttpRequest object to access...
Opera < 8.01 Multiple Vulnerabilities
The version of Opera installed on the remote host is earlier than 8.01 and thus reportedly affected by multiple issues : - It may be possible for a malicious website to spoof dialog boxes. - It may be possible for a XMLHttpRequest object to gain unauthorized access to sensitive data. - The...
CVE-2005-0976
AppleWebKit WebCore and WebKit, as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs...
CVE-2005-0976
AppleWebKit WebCore and WebKit, as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs...
CVE-2005-0976
AppleWebKit-based browsers (WebCore/WebKit) are affected by CVE-2005-0976, which allows remote attackers to read local files via the XMLHttpRequest component. The vulnerability affects Safari 1.2+ and OmniWeb 5.1+ (and other WebKit-based apps using file: URLs), triggered by attacker‑supplied cont...
Galeon < 1.2.2 XMLHttpRequest File / Directory Disclosure
Binary data 1754.prm...
Mozilla < 1.0rc2 XMLHttpRequest File / Directory Disclosure (deprecated)
Binary data 1753.prm...