24 matches found
EUVD-2006-2784
Malware in sbrugna...
SUSE CVE-2006-2787
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via JavaScript that calls the valueOf method on objects that were created outside of the sandbox...
SUSE CVE-2012-4201
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which...
Remote Code Execution (RCE)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Arbitrary Code Execution Or Denial Of Service (DoS)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Arbitrary Code Execution Or Denial Of Service (DoS)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Arbitrary Code Execution Or Denial Of Service (DoS)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Mozilla Firefox Multiple Vulnerabilities-01 November12 (Windows)
This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvuln01nov12win.nasl 6018 2017-04-24 09:02:24Z teissa $ Mozilla Firefox Multiple Vulnerabilities-01 November12 Windows Authors: Rachana Shetty Copyright: Copyrigh...
Mozilla Thunderbird Multiple Vulnerabilities-01 November12 (Windows)
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdmultvuln01nov12win.nasl 5950 2017-04-13 09:02:06Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities-01 November12 Windows Authors: Arun Kallavi...
Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20121120)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829,...
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20121120)
Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833...
firefox, xulrunner security update
CentOS Errata and Security Advisory CESA-2012:1482 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVS...
CVE-2012-4201
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which...
CVE-2012-4201
CVE-2012-4201 is a concrete Firefox/XULRunner/Thunderbird/SeaMonkey vulnerability: the evalInSandbox path mishandles the context when processing JavaScript that sets location.href, enabling remote XSS or read access to arbitrary files via a sandboxed add-on. Affected software includes Mozilla Fir...
Mozilla: evalInSanbox location context incorrectly applied (MFSA 2012-93)
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which...
evalInSanbox location context incorrectly applied — Mozilla
Mozilla security researcher mozbugra4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's JavaScript context and gaining the context of the evalInSandbox object. This can lead to malicious we...
Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-297-1)
Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. MFSA 2006-35, CVE-2006-2775 Paul Nickerson discovered that content-defined setters o...
security flaw
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via JavaScript that calls the valueOf method on objects that were created outside of the sandbox...
security flaw
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via JavaScript that calls the valueOf method on objects that were created outside of the sandbox...