33 matches found
Mozilla Firefox Security Advisory (MFSA2015-09) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2012-99) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox ESR < 31.4 Multiple Vulnerabilities
Binary data 701250.prm...
Microsoft Internet Explorer Property Put Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Catalyst Mahara Cross-Site Scripting Vulnerability
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A cross-site scripting vulnerability exists in Catalyst Mahara versions 1.10 before 1.10.9, 15.04 before 15.04.6, and 15.10 before 15.10.2. A remote...
Microsoft Edge Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft Edge that allows JavaScript XML DOM objects to detect installed browser extensions. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a malicious website in an attempt to make a user visit it. However, ...
Microsoft Internet Explorer UnitValueProperty Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Ubuntu 14.04 LTS : Firefox regression (USN-2458-3)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2458-3 advisory. USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. Thi...
SeaMonkey < 2.32 Multiple Vulnerabilities
Binary data 8626.prm...
Mozilla Firefox < 35.0 Multiple Vulnerabilities
Binary data 8624.prm...
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2458-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2458-1 advisory. Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory...
Ubuntu 14.04 LTS : Ubufox update (USN-2458-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2458-2 advisory. USN-2458-1 fixed vulnerabilities in Firefox. This update provides the corresponding version of Ubufox. Tenable has extracted the preceding description block...
XrayWrapper bypass through DOM objects — Mozilla
Mozilla developer Bobby Holley reported that Document Object Model DOM objects with some specific properties can bypass XrayWrappers. This can allow web content to confuse privileged code, potentially enabling privilege escalation...
KLA10445 ACE vulnerability in Mozilla
Improper DOM objects interaction was found in Mozilla products. By exploiting this vulnerability malicious users can execute arbitrary code. This culnerability can be exploited remotely via unspecified vectors. Original advisories MFSA Related products Mozilla-Firefox Mozilla-SeaMonkey CVE list...
XrayWrappers exposes chrome-only properties when not in chrome compartment — Mozilla
Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only...
SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5057)
Mozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory...
CVE-2011-2378
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling...
CVE-2011-2378
CVE-2011-2378 affects Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x (and possibly other products). The root cause is improper handling of DOM objects in appendChild, allowing remote attackers to execute arbitrary code via vectors leading to a dangling pointer. Impact...
CVE-2011-2378
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling...
Mandriva Linux Security Advisory : mozilla (MDVSA-2011:127)
Security issues were identified and fixed in mozilla firefox and thunderbird : Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corrupti...