EUVD-2007-5314

Malware in sbrugna...

CVE-2020-12803

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...

Deserialization of untrusted data

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...

Mozilla Firefox ESR < 60.8

The version of Firefox ESR installed on the remote Windows host is prior to 60.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-22 advisory. - A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use,...

CVE-2019-5838

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension...

CVE-2019-5838

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension...

Design/Logic Flaw

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension...

CVE-2019-5838

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension...

CVE-2019-9187

ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs...

EulerOS Virtualization 2.5.3 : python (EulerOS-SA-2019-1359)

According to the version of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection...

Design/Logic Flaw

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...

Mozilla Firefox < 48.0 Multiple Vulnerabilities

Binary data 9484.prm...

Code injection

Mozilla Firefox before 48.0 does not properly restrict drag-and-drop aka dataTransfer actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site...

CVE-2015-0583

Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281...

Thunderbird ESR 17.x < 17.0.8 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird ESR 17.x is prior to 17.0.8 and is, therefore, potentially affected the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701 - Unspecified errors exist related to HTML frames and history handling,...

Firefox ESR 17.x < 17.0.8 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR 17.x is earlier than 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701 - Unspecified errors exist related to HTML frames and history handling,...

FreeBSD : mozilla -- multiple vulnerabilities (f29fea8f-b19f-11dd-a55e-00163e000016)

The Mozilla Foundation reports : MFSA 2008-58 Parsing error in E4X default namespace MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners same-origin violation MFSA 2008-55 Crash and remote code execution in...

Firefox javascript arbitrary code execution

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from 1 file: URIs, 2 data: URIs, or 3 certain non-canonical chrome: URIs, which allows remote attacker...

Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript() — Mozilla

Mozilla security researcher mozbugra4 reported that mozIJSSubScriptLoader.LoadScript only applied XPCNativeWrappers to scripts loaded from standard chrome: URIs. Add-ons using this feature to load scripts from other schemes such as file: or data: typically dynamically generated scripts and chrome...

Design/Logic Flaw

Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs...