Open redirect

Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect...

Apple Safari cross-domain HTTP redirection race condition

Overview Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Description Apple Safari contains a race condition when updating pages. When this race condition is used in combination with an HTTP redirection, Safari may...

Adobe Acrobat Plug-In cross domain violation

Overview The Adobe Acrobat Plug-In fails to properly validate user-supplied content, which may allow for cross-site scripting. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view...

Mozilla Foundation Security Advisory 2006-72

Mozilla Foundation Security Advisory 2006-72 Title: XSS by setting img.src to javascript: URI Impact: High Announced: December 19, 2006 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.1 Firefox 1.5.0.9 Thunderbird 1.5.0.9 SeaMonkey 1.0.7 Description mozbugra4...

Mozilla products contain several unspecified errors in the layout engine

Overview The Mozilla layout engine contains several unspecified vulnerabilities that may allow an attacker to execute arbitrary code or crash the vulnerable application. Description The Mozilla layout engine, also known as Gecko, is responsible for parsing HTML, XML, CSS, layout, and rendering...

Mozilla contains multiple memory corruption vulnerabilities

Overview Mozilla products contain multiple vulnerabilities that can cause memory corruption. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Mozilla products contain multiple bugs that cause the application to crash. In some cases, a crash may be...

Mozilla display style vulnerability

Overview Mozilla products contain an unspecified vulnerability in the way they handle display styles. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Mozilla products contain an unspecified vulnerability in the way they...

FreeBSD : mozilla -- 'Wrapped' javascript: urls bypass security checks (a81746a1-c2c7-11d9-89f7-02061b08fc24)

A Mozilla Foundation Security Advisory reports : Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source : pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute...

mozilla -- privilege escalation via DOM property overrides

A Mozilla Foundation Security Advisory reports: mozbugra4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu. The common cause in each case was privileg...

firefox -- arbitrary code execution in sidebar panel

A Mozilla Foundation Security Advisory reports: Sites can use the search target to open links in the Firefox sidebar. Two missing security checks allow malicious scripts to first open a privileged page such as about:config and then inject script using a javascript: url. This could be used to...

[SA14820] Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox JavaScript Engine Information Disclosu...

javascript can write anything to windows98 registry

here's code from www.4y4y.net:88/ls.html it can write any value to windows98 registry solution: disable JavaScript in InternetExplorer tested on IE5.5 Marcin Jackowski --------------------------------------------------------------- script document.write"APPLET HEIGHT=0 WIDTH=0...

netscape.window.spoof.txt

Date: Tue, 16 Feb 1999 09:46:05 PST From: Georgi Guninski To: [email protected] Subject: Netscape Communicator window spoofing bug There is a bug in Netscape Communicator 3.04,4.06,4.5 Win95 and 4.08 WinNT, which allows "window spoofing". After visiting a hostile page or clicking a hostile lin...

msie4.01-jscript-security.txt

Date: Thu, 28 Jan 1999 04:53:31 PST From: Georgi Guninski To: [email protected] Subject: Javascript %01 bug in Internet Explorer There is a Javascript security bug in Internet Explorer 4.x patched, which circumvents "Cross-frame security" and opens several security holes. The probl...

netscape.4.51.javascript.txt

Date: Tue, 16 Mar 1999 11:09:41 PST From: Georgi Guninski To: [email protected] Subject: Re: Netscape upgrade FYI... Netscape has released version 4.51 of Communicator. It seems to fix the window spoofing bug http://www.geek-girl.com/bugtraq/19991/0747.html , along with the javascript bugs tha...

netscape.title.tag.about.txt

Date: Mon, 24 May 1999 14:24:13 +0300 From: Georgi Guninski To: [email protected] Subject: Netscape Communicator JavaScript in security vulnerability There is a security bug in Netscape Communicator 4.6 Win95, 4.07 Linux guess all 4.x versions are affected in the way they treat JavaScript code...

msie4-autoexec.bat-tdc.txt

Guninski's IE 4 reading AUTOEXEC.BAT. There is a bug in Internet Explorer 4.x patched which allows reading local files and sending them to an arbitrary server. The problem is: if you add '%01someURL' after the an about: URL, IE thinks that the document is loaded from the domain of 'someURL'. This...

netscape.datatrack.txt

Date: Sun, 6 Jun 1999 13:17:04 +0300 From: Georgi Guninski To: [email protected] Subject: Netscape Communicator code injection in JavaScript console using "data:" protocol There is a bug in Netscape Communicator 4.6 Win95, 4.07 Linux probably all 4.x are affected, which allows sniffing URLs fr...

netscape.find.txt

Date: Mon, 8 Mar 1999 19:48:05 +0200 From: Georgi Guninski To: [email protected] Subject: Netscape Communicator find vulnerabilities There is a design flaw in Netscape Communicator 4.5 Win95, 4.08 WinNT I guess all 4.x version are vulnerable which allows the following security exploits: Readin...

PT-1999-1365 · Netscape · Netscape Communicator

Name of the Vulnerable Software and Affected Versions: Netscape Communicator version 4.x Description: The issue concerns Netscape Communicator 4.x with Javascript enabled, where it does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating...