970 matches found
security flaw
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...
security flaw
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...
security flaw
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...
security flaw
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...
DEBIAN-CVE-2006-3807
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...
Mozilla products fail to properly validate JavaScript constructors
Overview Mozilla products fail to properly validate references returned by JavaScript constructors. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description According to Mozilla Foundation Security Advisory 2006-51: JavaScript functions have a...
Privilege escalation using named-functions and redefined "new Object()" — Mozilla
mozbugra4 discovered that named JavaScript functions have a parent object created using the standard Object constructor ECMA-specified behavior and that this constructor can be redefined by script also ECMA-specified behavior. If the Object constructor is changed to return a reference to a...
CVE-2005-1682
JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE...
PT-2005-2659 · Oracle · Javamail Api
Name of the Vulnerable Software and Affected Versions: JavaMail API affected versions not specified Description: The issue concerns the JavaMail API, which does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders. This allows remote...
[Full-Disclosure] iDEFENSE Security Advisory 08.02.04: Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability
Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability www.idefense.com/application/poi/display?id=117&type=vulnerabilities August 2, 2004 iDEFENSE Security Advisory 08.02.04: I. BACKGROUND SOAP is an XML-based messaging protocol which defines a set of rules for structuring...