Lucene search
K

13 matches found

RedHat Linux
RedHat Linux
added 2025/03/13 6:57 a.m.8 views

firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...

7.3CVSS6.7AI score0.00413EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/03/10 5:28 a.m.7 views

firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...

7.3CVSS6.7AI score0.00413EPSS
Exploits0References7
OSV
OSV
added 2025/03/04 2:15 p.m.5 views

UBUNTU-CVE-2025-1936

jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension...

7.3CVSS6.7AI score0.00413EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/03/04 12:0 a.m.14 views

PT-2025-9661 · Mozilla +10 · Firefox +10

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 136 Firefox ESR versions prior to 128.8 Description: The issue allows jar: URLs to retrieve local file content packaged in a ZIP archive. When retrieving content from the archive, anything after a null character is...

10CVSS6.7AI score0.1307EPSS
Exploits9References396
Ubuntu
Ubuntu
added 2023/05/30 2:31 p.m.70 views

USN-6117-1: Apache Batik vulnerabilities

It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648 It was discovered that Apache Batik incorrectly handled Jar URLs in some...

8.2CVSS7AI score0.13635EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.4 views

SUSE CVE-2008-1240

LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195...

5CVSS6.7AI score0.03218EPSS
Exploits1References4
OSV
OSV
added 2022/09/22 3:15 p.m.2 views

DEBIAN-CVE-2022-40146

Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...

7.5CVSS7.5AI score0.05791EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2019/12/09 8:58 a.m.7 views

OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

4.3CVSS7.4AI score0.03284EPSS
Exploits0References4
Veracode
Veracode
added 2019/10/17 12:22 a.m.31 views

Denial Of Service

OpenJDK is vulnerable to denial of service DoS. It is due to an incorrect handling of nested jar: URLs in Jar URL handler...

3.7CVSS1.4AI score0.03284EPSS
Exploits0References24Affected Software4
Tenable Nessus
Tenable Nessus
added 2009/03/11 12:0 a.m.30 views

GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200903-23 Adobe Flash Player: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard allows ActionScript programs to execute the method without user...

10CVSS6.4AI score0.79426EPSS
Exploits15References18
Gentoo Linux
Gentoo Linux
added 2009/03/10 12:0 a.m.59 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard...

10CVSS8.9AI score0.79426EPSS
Exploits15
Prion
Prion
added 2008/11/10 2:12 p.m.27 views

Design/Logic Flaw

Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors...

4.3CVSS5.9AI score0.05138EPSS
Exploits0References18Affected Software1
Cvelist
Cvelist
added 2008/11/10 11:0 a.m.26 views

CVE-2008-4821

Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors...

5.7AI score0.05138EPSS
Exploits0References18
Rows per page
Query Builder