23 matches found
Exploit for CVE-2026-40564
CVE-2026-40564: SSRF via FlinkSessionJob.spec.job.jarURI in fl...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the jarURI parameter in FlinkSessionJob's validateSessionJob, which is not properly validated. A user with Custom Resource create permissions can access arbitrary files from the...
CVE-2026-40564
Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...
CVE-2026-40564 Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...
EUVD-2026-31846
Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...
CVE-2026-40564
The CVE concerns Apache Flink Kubernetes Operator where FlinkSessionJob.jarURI is not validated. In versions 1.3.0 through 1.14.x (up to 1.15.0), a user with CR create permissions can cause the operator pod to fetch arbitrary URLs or access the pod’s filesystem via the jarURI, enabling SSRF and l...
PT-2026-43265
Name of the Vulnerable Software and Affected Versions Apache Flink Kubernetes Operator versions 1.3.0 through 1.14.x Description A Server-Side Request Forgery SSRF and local file access issue exists where the jarURI in FlinkSessionJob is not validated. This allows a user with CR create permission...
Scientific Linux Security Update : firefox on SL5.x, SL4.x i386/x86_64
A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. CVE-2007-5947 Several flaws were found in the way Firefox processed certain...
Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64
A cross-site scripting flaw was found in the way SeaMonkey handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running SeaMonkey. CVE-2007-5947 Several flaws were found in the way SeaMonkey processed...
Mozilla Firefox 10.0 Local Null Byte Bypass File Check Execution
...
view-source: protocol
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...
view-source: protocol
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...
CVE-2009-1307
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...
Design/Logic Flaw
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...
CVE-2009-1307
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...
CVE-2009-1307
CVE-2009-1307 is evidenced in connected documents as a vulnerability in the view-source: URI handling in Mozilla Firefox before 3.0.9 (also affecting Thunderbird and SeaMonkey) that breaks the Same Origin Policy. It enables remote attackers to bypass cross-domain restrictions and connect to arbit...
view-source: protocol
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...
Mozilla Foundation Security Advisory 2007-37
Mozilla Foundation Security Advisory 2007-37 Title: jar: URI scheme XSS hazard Impact: High Announced: November 26, 2007 Reporter: Jesse Ruderman, Petko D. Petkov, beford.org Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.10 SeaMonkey 1.1.7 Description The jar: URI scheme was introduced as ...
Firefox < 2.0.0.10 Multiple Vulnerabilities
The installed version of Firefox is affected by various security issues : - Three bugs that can result in crashes with traces of memory corruption - A cross-site scripting vulnerability involving support for the 'jar:' URI scheme - A timing issue when setting the 'window.location' property that...
jar: URI scheme XSS hazard — Mozilla
The jar: URI scheme was introduced as a mechanism to support digitally signed web pages, enabling web sites to load pages packaged in zip archives containing signatures in java-archive format...