106 matches found
DSA-1532-1 xulrunner
Bulletin has no description...
Java socket connection to any local port via LiveConnect — Mozilla
Security researcher Gregory Fleischer demonstrated that web content fetched via the jar: protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the user's machine "localhost". The issue is caused by improper parsing of the content origin passed from the browser to...
Mozilla Suite/Firefox Navigator Object Code Execution
This module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit requires the Java plugin to be installed. This module requires Metasploit: https://metasploit.com/download Current source:...
Mozilla Suite/Firefox 1.5.0.5 - Navigator Object Code Execution (Metasploit)
Mozilla Suite/Firefox 1.5.0.5 - Navigator Object Code Execution Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Mozilla Suite/Firefox < 1.5.0.5 Navigator Object Code Execution
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
CVE-2004-1029
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using th...
CVE-2004-1753
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs...
Sun Java Plugin may create temporary files with predictable names
Overview: The Sun Java Plugin may allow remote users to create files with arbitrary content in a specific location. Description: From the Sun Java Plugin page: Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition JRE, establishes a connection between popular...
Sun Java plugin sandbox protection bypass
It's possible to break sandbox protection and access local files and applications...
CVE-2004-1753
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs...
Sun Java plugin privilege escalation
It's possible to access few internal classes...
FreeBSD : jdk/jre -- Security Vulnerability With Java Plugin (81)
The following package needs to be updated: diablo-jdk %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgac619d063ef811d98741c942c075aa41.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
CVE-2004-1029
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using th...
CVE-2004-1029
The vulnerability CVE-2004-1029 affects Sun Java Plug-in in JRE 1.4.2_01, 1.4.2_04, and possibly earlier versions, where data transfer between JavaScript and Java applets fails to restrict access. The root cause is improper isolation that allows a remote attacker to use reflection to access priva...
jdk/jre -- Security Vulnerability With Java Plugin
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code...
iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrary Package Access Vulnerability
Sun Java Plugin Arbitrary Package Access Vulnerability iDEFENSE Security Advisory 11.22.04 www.idefense.com/application/poi/display?id=158&type=vulnerabilities November 22, 2004 I. BACKGROUND Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition JRE,...
[Full-Disclosure] Sun Java Plugin arbitrary package access vulnerability
OVERVIEW ======== Sun Microsystem's Java Plugin connects the Java technology to web browsers and allows the use of Java Applets. Java Plugin technology is available for numerous platforms and supports major web browsers. A vulnerability in Java Plugin allows an attacker to create an Applet which...
Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass
Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass source: https://www.securityfocus.com/bid/11726/info A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in...
Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass
source: https://www.securityfocus.com/bid/11726/info A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in. Reports indicate that it is possible for a malicious website that contains JavaScript code...
[Full-Disclosure] Cross Site Java applets
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cross-Site Java breaks Sandbox Isolation for Unsigned Applets ============================================================= Product : Java Plugin Version : 1.4.201 OS : Win32 should apply for other OSs too URL : http://java.sun.com Found by : Marc...