EUVD-2007-1672

Malware in sbrugna...

Experts Warn of RambleOn Android Malware Targeting South Korean Journalists

Suspected North Korean nation-state actors targeted a journalist in South Korea with a malware-laced Android app as part of a social engineering campaign. The findings come from South Korea-based non-profit Interlab, which coined the new malware RambleOn. The malicious functionalities include the...

Fizzle 0.5 RSS Feed HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23144/info Fizzle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code...

fizzle-access.txt

Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus for formatting to lose their layout I told him it would be too difficult to sanitize the data...

Fizzle : Firefox Extension Vulnerability

Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus becomes and so forth. Various feeds fields are vulnerable including the title which allows th...

Cross site scripting

Cross-site scripting XSS vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler...

CVE-2007-1678

Cross-site scripting XSS vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler...

CVE-2007-1678

Cross-site scripting XSS vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler...

CVE-2007-1678

The CVE-2007-1678 entry concerns a Cross-site Scripting (XSS) vulnerability in the Firefox extension Fizzle 0.5. The issue arises when processing RSS feeds, whose content can be injected and is executed by the chrome: URI handler. The vulnerability affects the Fizzle 0.5 extension and enables rem...

Fizzle 0.5 - RSS Feed HTML Injection

Fizzle 0.5 - RSS Feed HTML Injection source: https://www.securityfocus.com/bid/23144/info Fizzle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...

[Full-disclosure] Fizzle : Firefox Extension Vulnerability

Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus becomes and so forth. Various feeds fields are vulnerable including the title which allows th...

Mozilla Fizzle addon crossite access

No description provided...