
8416 matches found

Prion
added 2014/07/23 11:12 a.m. | 15 views

Cross site request forgery (csrf)

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect...

CVSS: 5.8 | AI score: 6.8 | EPSS: 0.01257
Exploits: 0 | References: 8 | Affected Software: 2
Cvelist
added 2014/07/23 10:0 a.m. | 22 views

CVE-2014-1552

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect...

AI score: 9.2 | EPSS: 0.01257
Exploits: 0 | References: 8
CVE
added 2014/07/23 10:0 a.m. | 110 views

CVE-2014-1552

CVE-2014-1552 is referenced in a 2014 Mozilla/Firefox advisory set (SUSE-SU-2014:0960-1) and in MFSA2014-66, with openVAS entries tying Firefox-related advisories to this CVE. The SUSE advisory lists CVE-2014-1552 among fixed items for Mozilla products, and shows a high severity/impact context (c...

CVSS: 5.8 | AI score: 9 | EPSS: 0.01257
Exploits: 0 | References: 8 | Affected Software: 2
UbuntuCve
added 2014/07/22 12:0 a.m. | 25 views

CVE-2014-1552

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect...

CVSS: 5.8 | AI score: 6.7 | EPSS: 0.01257
Exploits: 0 | References: 4
Tenable Nessus
added 2014/07/22 12:0 a.m. | 34 views

RHEL 6 : Red Hat Enterprise MRG Grid 2.2 (RHSA-2012:1281)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1281 advisory. Red Hat Enterprise MRG Messaging, Realtime, and Grid is a next-generation IT infrastructure for enterprise computing. MRG offers increased...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.03184
Exploits: 4 | References: 28
seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Vilistextum 2.6.6 HTML Attribute Parsing Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11979/info Vilistextum is prone to a buffer overflow vulnerability. This issue is exposed when the application parses HTML attributes while converting an HTML file to text/ASCII. Since HTML files will likely originate fro...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 15 views

Geeklog 1.3.5 HTML Attribute Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5270/info A cross site scripting vulnerability has been reported for Geeklog. Reportedly, Geeklog does not properly sanitize user supplied input before being included when posting comments or writing stories. Geeklog make...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 8 views

Opera 7.0 JavaScript Console Attribute Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6755/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Microsoft Internet Explorer 7/8 HTML Attribute JavaScript URI Security Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35455/info Microsoft Internet Explorer is prone to a security-bypass vulnerability because it fails to properly enforce restrictions on script behavior. An attacker may exploit this issue to bypass restrictions on the...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 10 views

Opera 7.0/7.10 JavaScript Console Single Quote Attribute Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7449/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 16 views

PHP PEAR <= 1.5.3 INSTALL-AS Attribute Arbitrary File Overwrite Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24111/info PEAR is prone to a vulnerability that lets attackers overwrite arbitrary files. An attacker-supplied package may supply directory-traversal strings through the 'install-as' attribute to create and overwrite fil...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

MS Internet Explorer <= 6.0.2900 SP2 (CSS Attribute) Denial of Service

No description provided by source. Internet Explorer <= 6.0.2900 SP2 suffers from a DoS vulnerability in which a remote user's Internet Explorer session can be crashed when hovering their cursor over a specially made table. The fault occurs when the position CSS attribute is set to a table. Thi...

AI score: 7.1
Exploits: 0
RedHat Linux
added 2014/06/30 8:51 p.m. | 3 views

smack: IQ response spoofing

It was found that the ParseRoster component in the Smack XMPP API did not verify the From attribute of a roster-query IQ stanza. A remote attacker could use this flaw to spoof IQ responses...

CVSS: 5 | AI score: 5.8 | EPSS: 0.06242
Exploits: 0 | References: 4
RedHat Linux
added 2014/06/30 8:51 p.m. | 4 views

smack: IQ response spoofing

It was found that the ParseRoster component in the Smack XMPP API did not verify the From attribute of a roster-query IQ stanza. A remote attacker could use this flaw to spoof IQ responses...

CVSS: 5 | AI score: 5.8 | EPSS: 0.06242
Exploits: 0 | References: 4
Hacker One
added 2014/06/27 12:30 p.m. | 40 views

Faceless: Tap Jacking Attack on Button Tags

UI Redressing Tap jacking attack may trick users into tapping a specifically crafted malicious App popup window e.g. toast view, making it a gateway for varied threats such as framing attack. Using this technique, a malicious App could potentially trick a user into making purchases, clicking on...

AI score: 1.7
Exploits: 0
RedHat Linux
added 2014/06/24 3:58 p.m. | 2 views

Kernel: filter: prevent nla extensions to peek beyond the end of the message

The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and...

CVSS: 4.9 | AI score: 7 | EPSS: 0.00602
Exploits: 1 | References: 4
RedHat Linux
added 2014/06/24 3:58 p.m. | 46 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.37233
Exploits: 26 | References: 7
NVD
added 2014/06/21 3:55 p.m. | 11 views

CVE-2014-4509

The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager aka IDM 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters...

CVSS: 4.6 | AI score: 7.2 | EPSS: 0.00376
Exploits: 0 | References: 2
Cvelist
added 2014/06/21 3:0 p.m. | 16 views

CVE-2014-4509

The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager aka IDM 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters...

AI score: 7.2 | EPSS: 0.00376
Exploits: 0 | References: 2
Tenable Nessus
added 2014/06/13 12:0 a.m. | 37 views

openSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1)

This update brings Mozilla SeaMonkey to the 2.0.6 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.43382
Exploits: 24 | References: 14