185 matches found
Code injection
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via...
CVE-2010-3775
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via...
CVE-2010-3775
Affected software and cause: Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, fail to properly handle certain redirections involving data: URLs and Java LiveConnect scripts, leading to the wrong security principal being used. Impact: remote attackers could start...
CVE-2010-3775
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via...
Data URLs with executables and misleading download dialog
The data URL scheme allows authors to embed binary files,instead of using links to external files. Data URLscontaining file types that Opera can display are renderedinline; other file types will be handled by Opera'sdownload dialog. A bug in Opera's file download handling causes the downloaddialo...