15 matches found
Mozilla Firefox <= 2.0.0.1 (location.hostname) Cross-Domain Vulnerability
No description provided by source. !-- Mozilla Firefox 'location.hostname' Cross-Domain Vulnerability Software : Mozilla Firefox version 2.0.0.1 and prior CVE reference : CVE-2007-0981 Impact : Security Bypass Risk : Moderate Discovered by : Michal Zalewski http://lcamtuf.coredump.cx/ Advisory Da...
Gentoo Security Advisory GLSA 200703-04 (mozilla-firefox)
The remote host is missing updates announced in advisory GLSA 200703-04. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200703-08 (seamonkey)
The remote host is missing updates announced in advisory GLSA 200703-08. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Debian Security Advisory DSA 1336-1 (mozilla-firefox)
The remote host is missing an update to mozilla-firefox announced via advisory DSA 1336-1. OpenVAS Vulnerability Test $Id: deb13361.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1336-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Ubuntu 5.10 / 6.06 LTS / 6.10 : firefox vulnerabilities (USN-428-1)
Several flaws have been found that could be used to perform Cross-site scripting attacks. A malicious website could exploit these to modify the contents or steal confidential data such as passwords from other opened web pages. CVE-2006-6077, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981,...
openSUSE 10 Security Update : seamonkey (seamonkey-2691)
This security update brings Mozilla SeaMonkey to version 1.1.1. http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems : - MFSA 2007-01: As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases several bugs wer...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2699)
This update brings Mozilla Firefox to security update version 1.5.0.10. - MFSA 2007-01: As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases several bugs were fixed to improve the stability of the browser. Some of these were crashes that showed evidence of memory corruption and we presume...
[SECURITY] [DSA 1336-1] New mozilla-firefox packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1336-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 22nd, 2007 http://www.debian.org/security/faq -...
Slackware 10.2 / 11.0 : mozilla-firefox (SSA:2007-066-03)
New mozilla-firefox packages are available for Slackware 10.2, and 11.0 to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2007-066-03. The text itself is copyright C...
Mozilla Foundation Security Advisory 2007-07
Mozilla Foundation Security Advisory 2007-07 Title: Embedded nulls in location.hostname confuse same-domain checks Impact: High Announced: February 23, 2007 Reporter: Michal Zalewski Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.2 Firefox 1.5.0.10 SeaMonkey 1.0.8 Description Michal Zalewsk...
Mozilla Firefox 2.0.0.1 - 'location.hostname' Cross-Domain
Options - Privacy - Show Cookies for login.live.com Gorn, gorn.supportgmailcom 2007-02-19 16:00 -- var mydomain = '127.0.0.1'; var varcook = 'MSPPre=firefoxvulnerabilitytest'; var domcook = 'login.live.com'; if location.hostname == mydomain...
Mozilla Firefox <= 2.0.0.1 (location.hostname) Cross-Domain Vulnerability
No description provided by source. !-- Mozilla Firefox 'location.hostname' Cross-Domain Vulnerability Software : Mozilla Firefox version 2.0.0.1 and prior CVE reference : CVE-2007-0981 Impact : Security Bypass Risk : Moderate Discovered by : Michal Zalewski http://lcamtuf.coredump.cx/ Advisory Da...
Mozilla Firefox <= 2.0.0.1 (location.hostname) Cross-Domain Vulnerabil
Exploit for unknown platform in category remote exploits ========================================================================= Mozilla Firefox Options - Privacy - Show Cookies for login.live.com...
CVE-2007-0981
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname location.hostname DOM property, due to...
CVE-2007-0981
CVE-2007-0981 affects Mozilla-based browsers (Firefox up to 1.5.0.10 and 2.x up to 2.0.0.2; SeaMonkey up to 1.0.8). The root cause is a handling flaw when location.hostname is modified via a URI containing a null byte, interacting with DNS resolver code, which can bypass the same-origin policy an...