Design/Logic Flaw

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same...

CVE-2012-4193

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same...

CVE-2012-4193

CVE-2012-4193 affects Mozilla Firefox and related Mozilla products (Firefox before 16.0.1, Firefox ESR before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR before 10.0.9, SeaMonkey before 2.13.1). Root cause: a security check in the defaultValue unwrapping of security wrappers is omitted, al...

CVE-2012-4193

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same...

CVE-2012-3986

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils aka nsDOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions v...

CVE-2012-3986

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils aka nsDOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions v...

CVE-2012-3986

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils aka nsDOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions v...

CVE-2012-4907

Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page...

CVE-2012-4907

Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page...

Mozilla Firefox Multiple Vulnerabilities - August12 (Mac OS X)

This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxmultvulnaug12macosx.nasl 5958 2017-04-17 09:02:19Z teissa $ Mozilla Firefox Multiple Vulnerabilities - August12 Mac OS X Authors: Rachana Shetty Copyright: Copyrig...

CVE-2012-3965

Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window...

Code injection

Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window...

Code injection

The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and...

CVE-2012-3965

Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window...

otrs -- XSS vulnerability in Internet Explorer

OTRS Security Advisory reports: This advisory covers vulnerabilities discovered in the OTRS core system. Due to the XSS vulnerability in Internet Explorer an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your Internet Explorer whil...

otrs -- XSS vulnerability in Internet Explorer could lead to remote code execution

The OTRS Project reports: This advisory covers vulnerabilities discovered in the OTRS core system. Due to the XSS vulnerability in Internet Explorer an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your Internet Explorer while...

Total Shop UK eCommerice Cross Site Scripting

/------------------------------------------------------\ | Total Shop UK eCommerce Generic Cross-Site Scripting | ------------------------------------------------------/ Summary ======= The open source version of Total Shop UK eCommerce based on CodeIgniter version 2.1.2 is subject to a cross-sit...

MS12-037 Microsoft Internet Explorer Fixed Table Col Span Heap Overflow

This module exploits a heap overflow vulnerability in Internet Explorer caused by an incorrect handling of the span attribute for col elements from a fixed table, when they are modified dynamically by javascript code. This module requires Metasploit: https://metasploit.com/download Current source...

Mozilla Firefox Multiple Vulnerabilities - July12 (Mac OS X)

This host is installed with Mozilla firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxmultvulnjul12macosx.nasl 5963 2017-04-18 09:02:14Z teissa $ Mozilla Firefox Multiple Vulnerabilities - July12 Mac OS X Authors: Rachana Shetty Copyright: Copyright...

CVE-2012-2844

The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service incorrect object access or possibly have unspecified other impact via a crafted document...