4739 matches found

Prion
added 2014/04/30 10:49 a.m., 22 views

Design/Logic Flaw

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

CVSS 9.3 | AI score 7.5 | EPSS 0.01321
Exploits 1 | References 23 | Affected Software 16

CVE
added 2014/04/30 10:0 a.m., 66 views

CVE-2014-1527

CVE-2014-1527 affects Mozilla Firefox for Android (Android builds, e.g., Firefox 28.x and earlier; NVD references Firefox before 29.0 on Android). The vulnerability allows remote attackers to spoof the address bar by crafting JavaScript that uses DOM events to prevent reappearance of the real add...

CVSS 5 | AI score 8.8 | EPSS 0.00846
Exploits 0 | References 5 | Affected Software 1

Check Point Advisories
added 2014/04/30 12:0 a.m., 1 views

Mozilla Firefox generateCRMFRequest Remote Code Execution (CVE-2012-3993; CVE-2013-1710)

A remote code execution vulnerability has been reported in Mozilla Firefox. The Chrome Object Wrapper (COW) implementation does not properly interact with failures of InstallTrigger methods. By exploiting this, a remote attacker could execute arbitrary JavaScript code with chrome privileges via a...

AI score 4.4 | EPSS 0.8084
Exploits 13

UbuntuCve
added 2014/04/29 12:0 a.m., 38 views

CVE-2014-1524

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of...

CVSS 9.8 | AI score 7.3 | EPSS 0.06412
Exploits 1 | References 4

UbuntuCve
added 2014/04/29 12:0 a.m., 28 views

CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

CVSS 9.3 | AI score 7 | EPSS 0.01321
Exploits 1 | References 4

OSV
added 2014/04/24 7:11 p.m., 7 views

MGASA-2014-0194 Updated otrs packages fix multiple vulnerabilities

Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS (CVE-2014-2553). An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...

CVSS 4.3 | AI score 8.6 | EPSS 0.00226
Exploits 2 | References 6

Packet Storm
added 2014/04/16 12:0 a.m., 34 views

Ektron CMS 8.7 Cross Site Scripting

Stored Cross Site Scripting in Ektron CMS 8.7 CVE reference: CVE-2014-2729 Affected platforms: Ektron Web Content Management System Version: 8.7.0 Date: 2013-December-19 Security risk: Medium CVSS - AV:N/AC:L/Au:S/C:P/I:P/A:N Researcher: Joseph Zeng...

CVSS 3.5 | AI score 6.7 | EPSS 0.00179
Exploits 3

NVD
added 2014/04/15 11:13 p.m., 15 views

CVE-2014-2866

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code...

CVSS 10 | AI score 6.9 | EPSS 0.01057
Exploits 0 | References 1

Prion
added 2014/04/15 11:13 p.m., 12 views

Code injection

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code...

CVSS 10 | AI score 7.4 | EPSS 0.01057
Exploits 0 | References 1 | Affected Software 1

NVD
added 2014/04/09 10:57 a.m., 11 views

CVE-2014-1717

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code...

CVSS 7.5 | AI score 6.9 | EPSS 0.01102
Exploits 0 | References 6

Prion
added 2014/04/09 10:57 a.m., 24 views

Out-of-bounds

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code...

CVSS 7.5 | AI score 7.6 | EPSS 0.01102
Exploits 0 | References 6 | Affected Software 1

UbuntuCve
added 2014/04/09 10:57 a.m., 23 views

CVE-2014-1717

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code...

CVSS 7.5 | AI score 7.2 | EPSS 0.01102
Exploits 0 | References 4

UbuntuCve
added 2014/04/09 10:57 a.m., 25 views

CVE-2014-1721

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a...

CVSS 7.5 | AI score 7.3 | EPSS 0.01726
Exploits 1 | References 4

Prion
added 2014/04/09 10:57 a.m., 19 views

Design/Logic Flaw

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a...

CVSS 7.5 | AI score 7.6 | EPSS 0.01726
Exploits 1 | References 6 | Affected Software 1

Cvelist
added 2014/04/09 10:0 a.m., 23 views

CVE-2014-1717

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code...

AI score 6.8 | EPSS 0.01102
Exploits 0 | References 6

Debian CVE
added 2014/04/09 10:0 a.m., 18 views

CVE-2014-1717

Removed by vendor...

CVSS 7.5 | AI score 9.4 | EPSS 0.01102
Exploits 0

Packet Storm
added 2014/04/09 12:0 a.m., 25 views

Sagem Fast 3304-V2 Authentication Bypass

Title : Sagem F@st 3304-V2 Authentification Bypass Vendor : http://www.sagemcom.com Severity : High Tested on : Firefox, Google Chrome, Internet Explorer Tested Router : Sagem F@st 3304-V2 3304, 3464, 3504 may also be affected Date : 2014-09-04 Author : Yassine Aboukir Contact : [email protected]...

AI score 0.4
Exploits 0

ThreatPost
added 2014/03/28 12:27 p.m., 11 views

Apple ID Phishing Scam Steals Credentials, Credit Cards

A new email phishing scam is making use of a realistic-looking Apple login page in order to pilfer Apple ID usernames and passwords before moving on to steal user credit card information. According to SANS Internet Storm Center forums member, Craig Cox, this phishing scam is particularly...

AI score 6.4
Exploits 0 | References 4

UbuntuCve
added 2014/03/18 12:0 a.m., 37 views

CVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...

CVSS 9.8 | AI score 7.2 | EPSS 0.71088
Exploits 5 | References 4

Tenable Nessus
added 2014/03/14 12:0 a.m., 38 views

Mandriva Linux Security Advisory : otrs (MDVSA-2014:054)

Updated otrs package fixes security vulnerability: An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed (CVE-2014-1695).

CVSS 4.3 | AI score 7.2 | EPSS 0.03629
Exploits 5 | References 2