Lucene search
K

8 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.3 views

SUSE CVE-2009-3988

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via crafted...

5CVSS5.9AI score0.02147EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2010/02/19 12:0 a.m.31 views

FreeBSD : mozilla -- multiple vulnerabilities (f82c85d8-1c6e-11df-abb2-000f20797ede)

Mozilla Project reports : MFSA 2010-05 XSS hazard using SVG document and binary Content-Type MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain MFSA 2010-03 Use-after-free crash in HTML parser MFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability MFSA 2010-0...

10CVSS8.1AI score0.06392EPSS
Exploits4References11
RedHat Linux
RedHat Linux
added 2010/02/17 9:12 p.m.6 views

Mozilla violation of same-origin policy due to properties set on objects passed to showModalDialog (MFSA 2010-04)

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via crafted...

5CVSS5.7AI score0.02147EPSS
Exploits1References4
Mozilla
Mozilla
added 2010/02/17 12:0 a.m.42 views

XSS due to window.dialogArguments being readable cross-domain — Mozilla

Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and...

5CVSS0.9AI score0.02147EPSS
Exploits1References2Affected Software2
CERT
CERT
added 2002/09/16 12:0 a.m.39 views

Microsoft Internet Explorer contains cross-site scripting vulnerabilities in local HTML resources

Overview Microsoft Internet Explorer IE includes several local HTML resources that contain cross-site scripting vulnerabilities. These resources use the dialogArguments property of dialog frames insecurely, allowing an attacker to execute arbitrary script in the Local Machine Zone. Description...

7.6AI score
Exploits0References26
securityvulns
securityvulns
added 2002/05/16 12:0 a.m.31 views

MS02-023 does not patch actual issue!

Hello, Microsoft released a cumulative patch yesterday, which, among other issues, allegedly patches the dialogArguments vulnerability http://jscript.dk/adv/TL002/. In their bulletin Microsoft makes several severe errors: 1. "A cross-site scripting vulnerability in a Local HTML Resource..." No,...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2002/05/16 12:0 a.m.51 views

Update and comments on the MS02-023 patch, holes still remain

The latest cumulative patch from Microsoft, http://www.microsoft.com/technet/security/bulletin/MS02-023.asp , promises to eliminate "six newly discovered vulnerabilities", but fails to do so. First, we find what MS calls "A cross-site scripting vulnerability in a Local HTML Resource". This is...

6.2AI score
Exploits0
securityvulns
securityvulns
added 2002/04/17 12:0 a.m.57 views

IE allows universal Cross Site Scripting (TL#002)

Thor Larholm security advisory TL002 ------------------------------------- By Thor Larholm, Denmark. 16 April 2002 HTML Format: http://jscript.dk/adv/TL002/ Topic: IE allows universal Cross Site Scripting. Discovery date: 18 March 2002. Severity: High Affected applications: ----------------------...

0.4AI score
Exploits0
Rows per page
Query Builder