Critical: Red Hat Security Advisory: seamonkey security update

Updated seamonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat...

Critical: Red Hat Security Advisory: firefox security update

An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the...

RHEL 4 / 5 : firefox (RHSA-2009:0256)

An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the...

firefox -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2009-06: Directives to not cache pages ignored MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies MFSA 2009-04: Chrome privilege escalation via local .desktop files MFSA 2009-03: Local file stealing with SessionStore MFSA 2009-02: XSS using a chrome XBL...

Mozilla Firefox 3.x < 3.0.6 Multiple Vulnerabilities

Binary data 4922.prm...

SMF 1.1.7 Cross Site Scripting

SMF 1.1.7 simplemachines.org XSS Exploitation: If you can modify the censor on a SMF forum, then you can make it execute arbitrary JS code. http://SMF.Forum.com/index.php?action=postsettings;sa=censor Just add the following entry: http://www.test.xss/ = http://www.test-xss/"...

openSUSE 10 Security Update : seamonkey (seamonkey-5880)

The Mozilla SeaMonkey browser suite was updated to version 1.1.14. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the...

Technical note: under some conditions, it&#39;s possible to steal HTTP credentials using Flash

Technical note: under some conditions, it's possible to steal HTTP credentials using Flash requires IE + some transparent proxies or virtual hosting The method described here is pretty simple. It works though only on HTTP not HTTPS credentials. Also, it works only when the client browses using IE...

Technical Note by Amit Klein: &quot;XST Strikes Back&quot;

Technical note XST Strikes Back or perhaps "Return from the Proxy"... Amit Klein, January 2006 Introduction ============ About three years ago, the concept of "Cross Site Tracing" 1 was introduced to the web application security community. In essence, the classic XST is about amplifying an existi...