Lucene search
K

185 matches found

BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.4 views

The vulnerability of the Mozilla SeaMonkey software package, which allows for cross-site scripting execution

Mozilla SeaMonkey software contains a vulnerability related to errors in security policy settings ignoring Content Security Policy for data: URL during session restoration. Exploiting this vulnerability allows malicious actors to execute cross-site scripts using a specially crafted document, whic...

2.6CVSS6.8AI score0.02064EPSS
Exploits0References3
CNVD
CNVD
added 2016/02/02 12:0 a.m.4 views

Mozilla Firefox Spoofing Vulnerability (CNVD-2016-00905)

Mozilla Firefox on Android is an open source web browser based on the Android platform from the US-based Mozilla Foundation. A security vulnerability exists in Mozilla Firefox on Android prior to version 44.0. A remote attacker can exploit the vulnerability by spoofing the address bar with a data...

5.3CVSS6.6AI score0.00666EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/09/09 12:0 a.m.26 views

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2015:1504-1)

Mozilla Firefox was updated to 38.2.1 ESR, fixing two severe security bugs. bsc943608 - MFSA 2015-94/CVE-2015-4497 bsc943557: Use-after-free when resizing canvas element during restyling - MFSA 2015-95/CVE-2015-4498 bsc943558: Add-on notification bypass through data URLs Note that Tenable Network...

10CVSS8.4AI score0.08007EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2015/09/08 12:0 a.m.28 views

openSUSE Security Update : MozillaFirefox (openSUSE-2015-565)

MozillaFirefox was updated to version 40.0.3 to fix two security issues and several bugs. Changes in MozillaFirefox : - update to Firefox 40.0.3 bnc943550 - Disable the asynchronous plugin initialization bmo1198590 - Fix a segmentation fault in the GStreamer support bmo1145230 - Fix a regression...

10CVSS8.3AI score0.08007EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/08/28 12:0 a.m.23 views

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2723-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2723-1 advisory. A use-after-free was discovered when resizing a canvas element during restyling in some circumstances. If a user were tricked in to opening a specially...

10CVSS8.8AI score0.08007EPSS
Exploits0References3
OSV
OSV
added 2015/08/27 6:21 p.m.9 views

USN-2723-1 firefox vulnerabilities

A use-after-free was discovered when resizing a canvas element during restyling in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with th...

10CVSS7.4AI score0.08007EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2015/08/27 12:0 a.m.41 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-95 Add-on notification bypass through data URLs MFSA 2015-94 Use-after-free when resizing canvas element during restyling...

9.4AI score
Exploits0References2
Mozilla
Mozilla
added 2015/08/27 12:0 a.m.48 views

Add-on notification bypass through data URLs — Mozilla

Security researcher Bas Venis reported a mechanism where add-ons could be installed from a different source than user expectations. Normally, when a user enters the URL to an add-on directly in the addressbar, warning prompts are bypassed because it is the result of direct user action. He...

7.5CVSS8.6AI score0.02678EPSS
Exploits0References3Affected Software3
CNVD
CNVD
added 2015/08/19 12:0 a.m.3 views

Mozilla Firefox Unicode Character Handling Cross-Site Scripting Vulnerability

Mozilla Firefox is an open source WEB browser. Mozilla Firefox suffers from a security vulnerability in the handling of wildcards in the content security policy in 'blob:', 'data:' and filesystem:' URLs, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML...

4.3CVSS8.6AI score0.02948EPSS
Exploits0References1
OSV
OSV
added 2015/08/11 12:0 a.m.2 views

UBUNTU-CVE-2015-4490

The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote...

4.3CVSS7.2AI score0.02948EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2014/03/18 12:0 a.m.24 views

CVE-2014-1504

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted document that is accessed after a browser restart...

2.6CVSS6.9AI score0.02064EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2014/02/19 12:0 a.m.31 views

SeaMonkey Multiple XSS Vulnerabilities (Feb 2014) - Windows

SeaMonkey is prone to multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS9.3AI score0.07697EPSS
Exploits5References5
NVD
NVD
added 2013/01/02 11:46 a.m.16 views

CVE-2012-6463

Cross-site scripting XSS vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs...

4.3CVSS5.5AI score0.01351EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/07/23 12:0 a.m.31 views

Mozilla Firefox Multiple Vulnerabilities - July12 (Mac OS X)

This host is installed with Mozilla firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxmultvulnjul12macosx.nasl 5963 2017-04-18 09:02:14Z teissa $ Mozilla Firefox Multiple Vulnerabilities - July12 Mac OS X Authors: Rachana Shetty Copyright: Copyright...

6.4CVSS0.4AI score0.02219EPSS
Exploits1References6
Prion
Prion
added 2012/07/18 10:26 a.m.16 views

Cross site scripting

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted URL...

4.3CVSS5.9AI score0.02199EPSS
Exploits1References18Affected Software2
Cvelist
Cvelist
added 2012/07/18 10:0 a.m.26 views

CVE-2012-1966

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted URL...

8.5AI score0.02199EPSS
Exploits1References18
UbuntuCve
UbuntuCve
added 2012/07/17 12:0 a.m.24 views

CVE-2012-1966

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted URL...

4.3CVSS7.2AI score0.02199EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2011/12/09 12:0 a.m.47 views

JavaScript Switcharoo Proof Of Concept 2

/ From: Michal Zalewski Date: Fri, 9 Dec 2011 11:04:22 -0800 Subject: the week of silly PoCs continues: data://www.mybank.com/ Just another short note... this is a somewhat compelling and entirely unnecessary phishing opportunity - and a tiny symptom of the mess with URL handling. Firefox and Ope...

Exploits0
OSV
OSV
added 2011/10/19 10:55 a.m.3 views

DEBIAN-CVE-2011-4137

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...

5CVSS7AI score0.03024EPSS
Exploits0References1
NVD
NVD
added 2010/12/10 7:0 p.m.18 views

CVE-2010-3775

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via...

9.3CVSS6.4AI score0.03796EPSS
Exploits1References21
Rows per page
Query Builder