Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2007/10/19 3:36 p.m.5 views

about: blank windows

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting XSS attacks with chrome privileges via an addon that inserts a 1 javascript: or 2 data: link into an about:blank document loaded by chrome via a the...

4.3CVSS7.3AI score0.05447EPSS
Exploits2References4
Mozilla
Mozilla
added 2007/10/18 12:0 a.m.34 views

XPCNativeWraper pollution using Script object — Mozilla

Mozilla security researcher mozbugra4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome--such as by right-clicking to open a context menu--can cause attacker-supplied javascript to run with the same...

9.3CVSS3.5AI score0.03153EPSS
Exploits1References3Affected Software2
NVD
NVD
added 2007/07/27 10:30 p.m.26 views

CVE-2007-4041

Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte %00 and shell metacharacters in a 1 mailto, 2 nntp, 3 news, 4 snews, or 5 telnet URI, a similar issue to CVE-2007-3670...

6.8CVSS7.8AI score0.19655EPSS
Exploits0References6
Cvelist
Cvelist
added 2007/07/27 10:0 p.m.33 views

CVE-2007-4038

Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which...

9.2AI score0.01112EPSS
Exploits0References4
securityvulns
securityvulns
added 2007/07/19 12:0 a.m.140 views

Mozilla Foundation Security Advisory 2007-22

Mozilla Foundation Security Advisory 2007-22 Title: File type confusion due to 00 in name Impact: Low Announced: July 17, 2007 Reporter: Ronald van den Heetkamp Products: Firefox Fixed in: Firefox 2.0.0.5 Description Ronald van den Heetkamp reported that a filename URL containing 00 encoded null...

6.8CVSS0.01751EPSS
Exploits3
Rows per page
Query Builder