185 matches found
The vulnerability of the Mozilla SeaMonkey software package, which allows for cross-site scripting execution
Mozilla SeaMonkey software contains a vulnerability related to errors in security policy settings ignoring Content Security Policy for data: URL during session restoration. Exploiting this vulnerability allows malicious actors to execute cross-site scripts using a specially crafted document, whic...
Mozilla Firefox Spoofing Vulnerability (CNVD-2016-00905)
Mozilla Firefox on Android is an open source web browser based on the Android platform from the US-based Mozilla Foundation. A security vulnerability exists in Mozilla Firefox on Android prior to version 44.0. A remote attacker can exploit the vulnerability by spoofing the address bar with a data...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2015:1504-1)
Mozilla Firefox was updated to 38.2.1 ESR, fixing two severe security bugs. bsc943608 - MFSA 2015-94/CVE-2015-4497 bsc943557: Use-after-free when resizing canvas element during restyling - MFSA 2015-95/CVE-2015-4498 bsc943558: Add-on notification bypass through data URLs Note that Tenable Network...
openSUSE Security Update : MozillaFirefox (openSUSE-2015-565)
MozillaFirefox was updated to version 40.0.3 to fix two security issues and several bugs. Changes in MozillaFirefox : - update to Firefox 40.0.3 bnc943550 - Disable the asynchronous plugin initialization bmo1198590 - Fix a segmentation fault in the GStreamer support bmo1145230 - Fix a regression...
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2723-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2723-1 advisory. A use-after-free was discovered when resizing a canvas element during restyling in some circumstances. If a user were tricked in to opening a specially...
USN-2723-1 firefox vulnerabilities
A use-after-free was discovered when resizing a canvas element during restyling in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with th...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-95 Add-on notification bypass through data URLs MFSA 2015-94 Use-after-free when resizing canvas element during restyling...
Add-on notification bypass through data URLs — Mozilla
Security researcher Bas Venis reported a mechanism where add-ons could be installed from a different source than user expectations. Normally, when a user enters the URL to an add-on directly in the addressbar, warning prompts are bypassed because it is the result of direct user action. He...
Mozilla Firefox Unicode Character Handling Cross-Site Scripting Vulnerability
Mozilla Firefox is an open source WEB browser. Mozilla Firefox suffers from a security vulnerability in the handling of wildcards in the content security policy in 'blob:', 'data:' and filesystem:' URLs, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML...
UBUNTU-CVE-2015-4490
The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote...
CVE-2014-1504
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted document that is accessed after a browser restart...
SeaMonkey Multiple XSS Vulnerabilities (Feb 2014) - Windows
SeaMonkey is prone to multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2012-6463
Cross-site scripting XSS vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs...
Mozilla Firefox Multiple Vulnerabilities - July12 (Mac OS X)
This host is installed with Mozilla firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxmultvulnjul12macosx.nasl 5963 2017-04-18 09:02:14Z teissa $ Mozilla Firefox Multiple Vulnerabilities - July12 Mac OS X Authors: Rachana Shetty Copyright: Copyright...
Cross site scripting
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted URL...
CVE-2012-1966
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted URL...
CVE-2012-1966
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted URL...
JavaScript Switcharoo Proof Of Concept 2
/ From: Michal Zalewski Date: Fri, 9 Dec 2011 11:04:22 -0800 Subject: the week of silly PoCs continues: data://www.mybank.com/ Just another short note... this is a somewhat compelling and entirely unnecessary phishing opportunity - and a tiny symptom of the mess with URL handling. Firefox and Ope...
DEBIAN-CVE-2011-4137
The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...
CVE-2010-3775
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via...