13 matches found
firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...
firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...
UBUNTU-CVE-2025-1936
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension...
PT-2025-9661 · Mozilla +10 · Firefox +10
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 136 Firefox ESR versions prior to 128.8 Description: The issue allows jar: URLs to retrieve local file content packaged in a ZIP archive. When retrieving content from the archive, anything after a null character is...
USN-6117-1: Apache Batik vulnerabilities
It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648 It was discovered that Apache Batik incorrectly handled Jar URLs in some...
SUSE CVE-2008-1240
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195...
DEBIAN-CVE-2022-40146
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...
OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...
Denial Of Service
OpenJDK is vulnerable to denial of service DoS. It is due to an incorrect handling of nested jar: URLs in Jar URL handler...
GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200903-23 Adobe Flash Player: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard allows ActionScript programs to execute the method without user...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard...
Design/Logic Flaw
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors...
CVE-2008-4821
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors...