25 matches found
EUVD-2012-6576
Malware in sbrugna...
CVE-2012-10032
Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting XCS via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification of browser...
CVE-2012-10032
Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross context scripting XCS via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification o...
CVE-2012-10032 Maxthon3 about:history XCS Trusted Zone Code Execution
Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross context scripting XCS via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification o...
CVE-2012-10032
Maxthon3 before version 3.3 is vulnerable to cross-context scripting (XCS) via the about:history page. The trusted zone may execute injected script content with privileged context, enabling modification of browser configuration and execution of arbitrary code through Maxthon’s exposed DOM APIs (e...
CVE-2012-10032
Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross context scripting XCS via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification o...
CVE-2012-10032 Maxthon3 about:history XCS Trusted Zone Code Execution
Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross context scripting XCS via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification o...
Maxthon 3 安全漏洞
Maxthon 3 Maxthon Browser 3 is a browser from the Chinese company Maxthon. A security vulnerability exists in Maxthon 3 Maxthon Browser 3 versions prior to 3.3, which stems from improper handling of about:history page input and could lead to a cross-context scripting attack...
SUSE CVE-2007-3844
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting XSS attacks with chrome privileges via an addon that inserts a 1 javascript: or 2 data: link into an about:blank document loaded by chrome via a the...
Maxthon3 about:history XCS Trusted Zone Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Multiple critical vulnerabilities in Maxthon and Avant browsers
Hi, Below you can find a short summary of discovered vulnerabilities in Maxthon and Avant browsers. Such vulnerabilities were demonstrated during HITBAMS2012 security conference and more recently at HackPra. Affected Products - Maxthon www.maxthon.com - Avant Browser www.avantbrowser.com Security...
Maxthon3 - about:history XCS Trusted Zone Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Maxthon3...
Maxthon3 about:history XCS Trusted Zone Code Execution
Cross Context Scripting XCS is possible in the Maxthon about:history page. Injection in such privileged/trusted browser zone can be used to modify configuration settings and execute arbitrary commands. Please note this module only works against specific versions of XCS. Currently, we've only...
PT-2025-31984
Name of the Vulnerable Software and Affected Versions Maxthon3 versions prior to 3.3 Description Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting XCS through the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers t...
Firebug Cross Context Scripting
http://www.80vul.com/firefox/Firebug%20Firefox%20Extension%20Cross%20Context%20Scripting%20Vulnerability.htm Firebug Firefox Extension Cross Context Scripting Vulnerability Author: www.80vul.com Email:5up3rh3igmail.com 2011/06/18 - Public Disclosure Description 80vul.com discovered firebug that a...
about: blank windows
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting XSS attacks with chrome privileges via an addon that inserts a 1 javascript: or 2 data: link into an about:blank document loaded by chrome via a the...
about: blank windows
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting XSS attacks with chrome privileges via an addon that inserts a 1 javascript: or 2 data: link into an about:blank document loaded by chrome via a the...
Firefox < 2.0.0.7 Apple QuickTime Plug-In .qtl File qtnext Field Cross-context Scripting
The installed version of Firefox may allow a remote attacker to run script commands subject to the user's privileges via 'qtnext' attributes in QuickTime Media-Link files. Note that this issue can be exploited even if support for JavaScript in the browser has been disabled. C Tenable Network...
CVE-2007-3844
CVE-2007-3844 affects Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and earlier (1.5.0.13), and SeaMonkey 1.1.3. The issue allows remote attackers to perform cross-context scripting (XSS) with chrome privileges by injecting a javascript: or data: link into an about:blank document loaded by chrome ...
Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING
Correct me if I'm wrong but the following description from http://www.securityfocus.com/bid/19928/discuss is wrong: "Attacker-supplied HTML and script code would execute in the context of the affected website" Code is NOT executed within the context of the affected site but rather within LOCAL...