148 matches found
openSUSE Security Update : xulrunner (openSUSE-SU-2012:1586-1)
Changes in xulrunner : - update to 17.0 bnc790140 - MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards - MFSA 2012-92/CVE-2012-4202 bmo758200 Buffer overflow while rendering GIF images - MFSA 2012-93/CVE-2012-4201 bmo747607 evalInSanbox location context incorrectly appli...
Debian Security Advisory DSA 2513-1 (iceape - several vulnerabilities)
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey: CVE-2012-1948 Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey identified several memory safety problems that may lead to the execution of arbitrary code. CVE-2012-1954 Abhishe...
security update to Firefox 17.0 and other Mozilla based packages (important)
update to Firefox/Thunderbird 17.0 and Seamonkey 2.14 bnc790140 MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards MFSA 2012-92/CVE-2012-4202 bmo758200 Buffer overflow while rendering GIF images MFSA 2012-93/CVE-2012-4201 bmo747607 evalInSanbox location context incorrect...
Debian DSA-2513-1 : iceape - several vulnerabilities
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey : - CVE-2012-1948 Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey identified several memory safety problems that may lead to the execution of arbitrary code. - CVE-2012-1954...
Code execution through javascript: URLs — Mozilla
Mozilla security researcher mozbugra4 reported an arbitrary code execution attack using a javascript: URL. The Gecko engine features a JavaScript sandbox utility that allows the browser or add-ons to safely execute script in the context of a web page. In certain cases, javascript: URLs are execute...
DSA-2513-1 iceape - several vulnerabilities
Bulletin has no description...
Debian DSA-2437-1 : icedove - several vulnerabilities
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. - CVE-2012-0455 Soroush Dalili discovered that a cross-site scripting countermeasure related to JavaScript URLs could be bypassed. - CVE-2012-0456 Atte Kettunen discovered an out of...
UBUNTU-CVE-2011-3887
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors...
Design/Logic Flaw
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors...
CVE-2011-3887
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors...
javascript: URLs in chrome documents (MFSA 2011-08)
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remot...
Mozilla cross-site information disclosure via modal calls
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which...
CVE-2008-7190
Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS)...
Google Chrome Timeout XSS Vulnerability
Google Chrome is prone to XSS vulnerability.
The links panel can allow cross-site scripting
The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated...
FreeBSD : opera -- multiple vulnerabilities (0e30e802-a9db-11dd-93a2-000bcdf0a03b)
Opera reports : When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuratio...
Opera Web Browser Command Execution and XSS Vulnerabilities - Windows
Opera Web Browser is prone to multiple vulnerabilities.
Opera Web Browser Command Execution and XSS Vulnerabilities (Linux)
The host is installed with Opera Web Browser and is prone to multiple vulnerabilities.
Opera Web Browser Command Execution and XSS Vulnerabilities (Windows)
The host is installed with Opera Web Browser and is prone to multiple vulnerabilities.
Apple Safari vulnerable to xss via the processing of JavaScript URLs
Overview: A vulnerability in the way Apple Safari handles JavaScript URLs may allow execution of JavaScript in the context of another site. Description: Apple Safari contains a vulnerability that may cause a cross-site script injection when processing JavaScript URLs. According to Apple Security...