Debian DSA-1046-1 : mozilla - several vulnerabilities

Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2005-2353 The 'run-mozilla.sh' script allows local users to create or overwrite arbitrary files when debugging is enabled via a...

USN-352-1: Thunderbird vulnerabilities

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. CVE-2006-4253,...

CVE-2006-4965

Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of...

FreeBSD : mozilla -- multiple vulnerabilities (e6296105-449b-11db-ba89-000c6ec775d9)

The Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. - MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 - MFSA...

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 MFSA 2006-63...

msxss.txt

Hello, I have found that microsoft.com fails to filter html properly on some pages. http://support.microsoft.com/newsgroups/default.aspx?lang=en&cr=US&dg=microsoft.public.ccf&sloc=us';alert'xss this causes javascript to be executed when a user clicks the help link. Someone knows how to get js...

cpanel10.txt

A new vulnerability was found in Cpanel V.10; It happen cause the variable &File of the select.html file in the edit-zone just filter the 's labels and the possibility can by open to other labels like Server Side Include, HMTL labels... including Javascript expressed in other ways An attacker can...

security flaw

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...

CVE-2006-0400

CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."...

CVE-2006-0296

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...

phpBB <= 2.0.19 XSS Remote Cookie Disclosure Exploit

Exploit for unknown platform in category web applications ==================================================== phpBB tag means that the cursor must pass it in the y direction only. e.g. the mouse only needs to cross a point horrizontaly equal to the link in order for the javascript to be executed...

CVE-2005-4501

MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting XSS attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer...

CVE-2005-4150

The CVE-2005-4150 entry describes a Cross-site scripting (XSS) vulnerability in the portal login page of Computer Associates CleverPath 4.7. Affects CleverPath 4.7; the vectors are described as unknown in the provided description. The NVD metrics list a CVSS v2 base score of 4.3 (Medium) with imp...

fuseXSS.txt

This was discovered by myself over the weekend. I cant find out what versions of fusebox this vulnerability is in but seeing as it affects the main fusebox page I can only assume it is the latest v4.1.0 and possibly some older versions. According to the Fusebox site, What is Fusebox? Fusebox is a...

Mozilla Suite: Multiple vulnerabilities

Background The Mozilla Suite is an all-in-one Internet application suite including a web browser, an advanced e-mail and newsgroup client, IRC client and HTML editor. Description The following vulnerabilities were found and fixed in the Mozilla Suite: "mozbugra4" and "shutdown" discovered that th...

Important: Red Hat Security Advisory: mozilla security update

Updated mozilla packages that fix various security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug wa...

CVE-2002-2031

Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results...

CVE-2002-2031

Affected software: Internet Explorer 5.0, 5.0.1 and 5.5. Vulnerability details: When JavaScript execution is enabled, a script tag with a src attribute referencing a non-JavaScript file can be used to determine the existence of arbitrary files, by leveraging the onError event handler to observe r...

FreeBSD : firefox -- PLUGINSPAGE privileged javascript execution (ce6ac624-aec8-11d9-a788-0001020eed82)

A Mozilla Foundation Security Advisory reports : When a webpage requires a plugin that is not installed the user can click to launch the Plugin Finder Service PFS to find an appropriate plugin. If the service does not have an appropriate plugin the EMBED tag is checked for a PLUGINSPAGE attribute...

horde -- XSS vulnerabilities

A Hyperdose Security Advisory reports: Horde contains two XSS attacks that can be exploited through GET requests. Once exploited, these requests could be used to execute any javascript commands in the context of that user, potentially including but not limited to reading and deleting email, and...