27 matches found
Design/Logic Flaw
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm...
CVE-2014-1583
CVE-2014-1583 affects Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2; the Alarm API’s toJSON calls were not properly restricted, allowing remote attackers to bypass the Same Origin Policy by crafting API calls to access sensitive information in an alarm’s JSON data. Impact is cross-...
Mozilla: Accessing cross-origin objects via the Alarms API (MFSA 2014-82)
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm...
RHEL 6 / 7 : firefox (RHSA-2014:1635)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1635 advisory. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were...
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2372-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2372-1 advisory. Bobby Holley, Christian Holler, David Bolter, Byron Campen, Jon Coppeard, Carsten Book, Martijn Wargers, Shih-Chiang Chien, Terrence Cole and Jeff Walden...
UBUNTU-CVE-2014-1583
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm...
CVE-2014-1583
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm...