Lucene search
K

28 matches found

UbuntuCve
UbuntuCve
added 2018/05/10 12:0 a.m.32 views

CVE-2018-5168

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...

5.3CVSS6.8AI score0.0238EPSS
Exploits0References5
NVD
NVD
added 2014/04/30 10:49 a.m.21 views

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting XSS attacks, via a crafted web sit...

6.1CVSS7AI score0.01666EPSS
Exploits0References23
ATTACKERKB
ATTACKERKB
added 2014/04/30 10:49 a.m.3 views

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting XSS attacks, via a crafted web sit...

6.1CVSS6.9AI score0.01666EPSS
Exploits0References24
Cvelist
Cvelist
added 2014/04/30 10:0 a.m.22 views

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting XSS attacks, via a crafted web sit...

7.2AI score0.01666EPSS
Exploits0References23
OSV
OSV
added 2014/04/29 12:0 a.m.4 views

UBUNTU-CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting XSS attacks, via a crafted web sit...

6.1CVSS6.7AI score0.01666EPSS
Exploits0References5
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.57 views

Cross-site scripting (XSS) using history navigations — Mozilla

Mozilla security researcher mozbugra4 reported a method to use browser navigations through history to load a website with that page's baseURI property pointing to that of another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the...

6.1CVSS7.4AI score0.01666EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2013/04/02 12:0 a.m.54 views

Cross-site scripting (XSS) using timed history navigations — Mozilla

Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the...

4.3CVSS0.9AI score0.0219EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/10/09 12:0 a.m.52 views

Spoofing and script injection through location.hash — Mozilla

Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, writes to location.hash can be used in concert with scripted history navigation to cause a specific website to be loaded into the history object. The baseURI can then be changed to this...

4.3CVSS8.8AI score0.02513EPSS
Exploits0References2Affected Software5
Rows per page
Query Builder