FreeBSD : mozilla -- multiple vulnerabilities (29f5bfc5-ce04-11dd-a721-0030843d3802)

The Mozilla Foundation reports : MFSA 2008-69 XSS vulnerabilities in SessionStore MFSA 2008-68 XSS and JavaScript privilege escalation MFSA 2008-67 Escaped null characters ignored by CSS parser MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters MFSA 2008-65 Cross-doma...

Mozilla Foundation Security Advisory 2008-67

Mozilla Foundation Security Advisory 2008-67 Title: Escaped null characters ignored by CSS parser Impact: Low Announced: December 16, 2008 Reporter: Kojima Hajime Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.5 Firefox 2.0.0.19 Thunderbird 2.0.0.19 SeaMonkey 1.1.14 Description...

Null pointer dereference

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines...

CVE-2008-5510

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines...

CVE-2008-5510

CVE-2008-5510 concerns the CSS parser in Mozilla Firefox (3.x up to 3.0.5 and 2.x up to 2.0.0.19), Thunderbird 2.x up to 2.0.0.19, and SeaMonkey 1.x up to 1.1.14, where the escaped null character (\0) is ignored, potentially allowing remote attackers to bypass sanitization protections. The descri...

CVE-2008-5510

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines...

Critical: Red Hat Security Advisory: firefox security update

An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the...

Firefox null characters ignored by CSS parser

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines...

CVE-2008-5510

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines...

RHEL 4 / 5 : firefox (RHSA-2008:1036)

An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the...

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports: MFSA 2008-69 XSS vulnerabilities in SessionStore MFSA 2008-68 XSS and JavaScript privilege escalation MFSA 2008-67 Escaped null characters ignored by CSS parser MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters MFSA 2008-65 Cross-domai...

Escaped null characters ignored by CSS parser — Mozilla

Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form '\0' was ignored by the CSS parser and treated as if it was not present in the CSS input string. This issue could potentially be used to bypass script sanitization routines in web application...

[SECURITY] Fedora 9 Update: roundcubemail-0.2-4.beta.fc9

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 8 Update: roundcubemail-0.2-4.beta.fc8

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVE-2008-5551

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection....

Double free

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection....

CVE-2008-5551

Microsoft Internet Explorer 8.0 Beta 2 contains an anti-XSS filter bypass vulnerability (the XSS Filter) that allows XSS by injecting data at two positions in HTML documents (STYLE elements and the CSS expression property), described as a "double injection." The connected OpenVAS entry and relate...

Microsoft Internet Explorer 8 - CSS expression Property Cross-Site Scripting Filter Bypass

Microsoft Internet Explorer 8 - CSS expression Property Cross-Site Scripting Filter Bypass source: https://www.securityfocus.com/bid/32780/info Microsoft Internet Explorer is a web browser for the Microsoft Windows operating system. Internet Explorer 8 includes a cross-site-scripting filter that ...

Microsoft Internet Explorer 8 - CSS 'expression' Property Cross-Site Scripting Filter Bypass

source: https://www.securityfocus.com/bid/32780/info Microsoft Internet Explorer is a web browser for the Microsoft Windows operating system. Internet Explorer 8 includes a cross-site-scripting filter that is designed to prevent cross-site-scripting attacks against vulnerable web applications...

USN-676-1: WebKit vulnerability

It was discovered that WebKit did not properly handle Cascading Style Sheets CSS import statements. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges...