420 matches found
GLSA-200703-05 : Mozilla Suite: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200703-05 Mozilla Suite: Multiple vulnerabilities Several vulnerabilities ranging from code execution with elevated privileges to information leaks affect the Mozilla Suite. Impact : A remote attacker could entice a user to browse...
Fedora Core 6 : thunderbird-1.5.0.8-1.fc6 (2006-1192)
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processes certain malformed JavaScript code. A malicious HTML mail message could cause the execution of JavaScript code in such a way that could cause Thunderbird to crash or execute...
Microsoft Internet Explorer HTML Rendering Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser renders HTML with certain layout combinations. An attacker could exploit this issue to execute arbitrary code in the context of the affected browser. This...
Debian DSA-1046-1 : mozilla - several vulnerabilities
Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2005-2353 The 'run-mozilla.sh' script allows local users to create or overwrite arbitrary files when debugging is enabled via a...
Debian DSA-973-1 : otrs - several vulnerabilities
Several vulnerabilities have been discovered in otrs, the Open Ticket Request System, that can be exploited remotely. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2005-3893 Multiple SQL injection vulnerabilities allow remote attackers to execute...
Design/Logic Flaw
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...
CVE-2006-1045
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...
CVE-2006-1045
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...
CVE-2006-1045
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...
CVE-2006-1045
The CVE affects Mozilla Thunderbird 1.5. When Block loading of remote images in mail messages is enabled, Thunderbird’s HTML rendering engine does not fully block external images in inline HTML attachments. This could allow a remote attacker to obtain sensitive information (e.g., application vers...
CVE-2006-1045
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...
CVE-2006-1045
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...
moz-15.txt
Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities //----- Advisory Program : Mozilla Thunderbird Homepage : http://www.mozilla.com/thunderbird/ Tested version : 1.5 Found by : crashfr at sysdream dot com This advisory : crashfr at sysdream dot com Discovery date : 2006/02/18...
[SECURITY] [DSA 973-1] New OTRS packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 973-1 [email protected] http://www.debian.org/security/ Martin Schulze February 15th, 2006 http://www.debian.org/security/faq -...
CVE-2005-3312
The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting XSS attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response...
Opera: buffer overflows in 7.11 and 7.20
Background Opera is a multi-platform web browser. Description The Opera browser can cause a buffer allocated on the heap to overflow under certain HREFs when rendering HTML. The mail system is also deemed vulnerable and an attacker can send an email containing a malformed HREF, or plant the...
Opera HREF escaped server name overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Opera HREF escaped server name overflow Release Date: 10/20/2003 Application: Opera 7.11, 7.20 Platform: Windows XP/2000 and GNU/Linux 2.4 tested, others may be vulnerable Severity: Remote...
Alan Ward A-Cart 2.0 - MSG Cross-Site Scripting
source: https://www.securityfocus.com/bid/8722/info A-Cart has been reported prone to a cross-site scripting vulnerability. The issue presents itself likely due to a lack of sufficient sanitization performed on data contained in the 'msg' URI parameter that is passed to signin.asp. An attacker...
CVE-2003-0241
The CVE-2003-0241 issue affects FrontRange GoldMine mail agent, specifically versions 5.70 and 6.00 prior to build 30503. The vulnerability arises when HTML is sent to the default browser without labeling the content as untrusted or setting a secure zone, causing IE to render HTML in a less secur...
Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion
source: https://www.securityfocus.com/bid/7119/info Ximian Evolution does not properly validate MIME image/ Content-Type fields. If an email message contains an image/ Content-Type, any type of data can be embedded where the image information is expected. This can be used to embed HTML tags that...