7 matches found
The vulnerability of the Firefox ESR browser allows a malicious individual to circumvent restrictions
Mozilla Firefox ESR contains a vulnerability related to errors in the implementation of the SOW System Only Wrapper software module. Exploiting this vulnerability allows malicious actors to circumvent restrictions on XUL content by using the XB content area, due to the permission granted for...
The vulnerability of the Mozilla SeaMonkey software package, which allows a malicious individual to circumvent restrictions
Mozilla SeaMonkey’s software contains a vulnerability related to errors in the implementation of the SOW System Only Wrapper program module. Exploiting this vulnerability allows malicious actors to circumvent restrictions on XUL content by using the XB content area, thereby enabling certain cloni...
CVE-2011-2984
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...
Code injection
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...
CVE-2011-2984
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...
Mozilla: Privilege escalation dropping a tab element in content area
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...
Spoofing using custom cursor and CSS3 hotspot — Mozilla
David Eckel reported that browser UI elements--such as the host name and security indicators--could be spoofed by using a large, mostly transparent, custom cursor and adjusting the CSS3 hotspot property so that the visible part of the cursor floated outside the browser content area...