Standalone applications can run arbitrary code through the browser — Mozilla
Several media players, for example Flash and QuickTime, support scripted content with the ability to open URLs in the default browser. The default behavior for Firefox was to replace the currently open browser window's content with the externally opened content. If the external URL was a...
CVE-2005-0563
Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL "jav&X41script:" in an IMG tag...
Firefox Remote Compromise Technical Details
Before I start, I need to say that this thing has been patched on Mozilla's server. If you take a look at any of the extension install pages on their site, you will see that the install function has a bunch of random letters and numbers after it. Even...
CVE-2005-1477
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as...
CVE-2005-1476
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477...
CVE-2005-1155
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a tag with a javascript: URL in the href attribute, aka "Firelinking."...
CVE-2005-1153
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option...
CVE-2005-1016
Cross-site scripting (XSS) vulnerability in linksaddform.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URL in a banner URL...
security flaw
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option...
security flaw
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a tag with a javascript: URL in the href attribute, aka "Firelinking."...
CVE-2005-1153
CVE-2005-1153 affects Firefox before 1.0.3 and Mozilla Suite before 1.7.7. When a popup is blocked, a javascript: URL executed via the user-visible Show javascript option can lead to remote code execution. The issue is documented in multiple advisories (e.g., RHSA-2005:383/384/386) and affected F...
CVE-2005-0752
The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag...
CVE-2005-0752
The CVE-2005-0752 entry describes a remote code execution via the Plugin Finder Service (PFS) in Firefox, affected when a javascript: URL is used in the PLUGINSPAGE attribute of an EMBED tag. The vulnerability is tied to Firefox versions before 1.0.3, with an exploit occurring through a crafted E...
Arbitrary code execution from Firefox sidebar panel II — Mozilla
Sites can use the search target to open links in the Firefox sidebar. Two missing security checks allow malicious scripts to first open a privileged page such as about:config and then inject script using a javascript: URL. This could be used to install malicious code or steal data without user...
CVE-2002-2314
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail...