
242 matches found

RedHat Linux
added 2007/02/24 2:41 a.m. · 1 views

security flaw

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which...

CVSS 6.8 · AI score 6.2 · EPSS 0.0317
Exploits 1 · References 4
RedHat Linux
added 2007/02/24 2:41 a.m. · 2 views

security flaw

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in...

CVSS 6.8 · AI score 7.3 · EPSS 0.02238
Exploits 0 · References 4
RedHat Linux
added 2007/02/23 9:6 p.m. · 2 views

security flaw

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which...

CVSS 6.8 · AI score 6.2 · EPSS 0.0317
Exploits 1 · References 4
RedHat Linux
added 2007/02/23 9:6 p.m. · 1 views

security flaw

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in...

CVSS 6.8 · AI score 7.3 · EPSS 0.02238
Exploits 0 · References 4
OSV
added 2007/01/18 2:28 a.m. · 3 views

DEBIAN-CVE-2007-0341

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than...

CVSS 6.8 · AI score 5.8 · EPSS 0.01171
Exploits 1 · References 1
CERT
added 2007/01/18 12:0 a.m. · 28 views

Mozilla products allows the src attribute in an img element to be changed to a JavaScript URI

Overview: Mozilla products contain a cross-site scripting vulnerability due to a vulnerability in the way IMG elements are loaded. Description: A vulnerability in the way Mozilla products load IMG elements in a frame may cause a cross-site script injection. According to Mozilla Foundation Security...

CVSS 6.8 · AI score 6.1 · EPSS 0.17111
Exploits 0 · References 12
Prion
added 2007/01/03 9:28 p.m. · 23 views

Double free

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters...

CVSS 7.5 · AI score 7.5 · EPSS 0.64856
Exploits 1 · References 20 · Affected Software 1
Cvelist
added 2007/01/03 8:0 p.m. · 24 views

CVE-2007-0046

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters...

AI score 7.2 · EPSS 0.64856
Exploits 1 · References 20
OSV
added 2006/12/20 1:28 a.m. · 2 views

DEBIAN-CVE-2006-6503

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI...

CVSS 6.8 · AI score 7.7 · EPSS 0.17111
Exploits 0 · References 1
OSV
added 2006/12/20 1:28 a.m. · 7 views

CVE-2006-6503

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI...

AI score 5.5
Exploits 0 · References 55
securityvulns
added 2006/12/20 12:0 a.m. · 108 views

Mozilla Foundation Security Advisory 2006-72

Mozilla Foundation Security Advisory 2006-72. Title: XSS by setting img.src to javascript: URI. Impact: High. Announced: December 19, 2006. Reporter: mozbugra4. Products: Firefox, Thunderbird, SeaMonkey. Fixed in: Firefox 2.0.0.1, Firefox 1.5.0.9, Thunderbird 1.5.0.9, SeaMonkey 1.0.7. Description: mozbugra4...

CVSS 6.8 · AI score 0.3 · EPSS 0.17111
Exploits 0
RedHat Linux
added 2006/12/19 9:1 p.m. · 1 views

security flaw

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI...

CVSS 6.8 · AI score 5.7 · EPSS 0.17111
Exploits 0 · References 4
Mozilla
added 2006/12/19 12:0 a.m. · 38 views

XSS by setting img.src to javascript: URI — Mozilla

mozbugra4 reported that the src attribute of an IMG element loaded in a frame could be changed to a javascript: URI that was able to bypass the protections against cross-site script (XSS) injection. The injected script could steal credentials and financial data, or perform destructive actions on...

CVSS 6.8 · AI score 1 · EPSS 0.17111
Exploits 0 · References 2 · Affected Software 3
Cvelist
added 2006/09/12 4:0 p.m. · 18 views

CVE-2006-4706

Cross-site scripting (XSS) vulnerability in inc/functionspost.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated usin...

AI score 5.6 · EPSS 0.02151
Exploits 1 · References 6
Cvelist
added 2006/07/21 12:0 a.m. · 17 views

CVE-2006-3761

Cross-site scripting (XSS) vulnerability in inc/functionspost.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javacript"...

AI score 5.6 · EPSS 0.01328
Exploits 1 · References 9
NVD
added 2006/07/18 3:46 p.m. · 11 views

CVE-2006-3609

Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to inject arbitrary web script or HTML via the pagename parameter with an IMG tag containing a javascript URI in the SRC attribute...

CVSS 4.3 · AI score 5.7 · EPSS 0.00427
Exploits 0 · References 5
UbuntuCve
added 2006/07/13 12:5 a.m. · 27 views

CVE-2006-3548

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php a...

CVSS 4.3 · AI score 6 · EPSS 0.01138
Exploits 1 · References 1
Positive Technologies
added 2006/06/24 12:0 a.m. · 3 views

PT-2006-4106 · Unknown · Cjguestbook

Name of the Vulnerable Software and Affected Versions: cjGuestbook versions 1.3 and earlier. Description: The issue concerns a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter...

CVSS 4.3 · AI score 5.9 · EPSS 0.00709
Exploits 0 · References 7
NVD
added 2006/06/13 1:2 a.m. · 14 views

CVE-2006-2991

Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in (1) next.cgi, (2) stats.cgi, or (3) list.cgi...

CVSS 4.3 · AI score 5.8 · EPSS 0.00877
Exploits 0 · References 9
CVE
added 2006/06/13 1:0 a.m. · 38 views

CVE-2006-2991

CVE-2006-2991 describes multiple XSS vulnerabilities in Ringlink 3.2. The issue arises via a JavaScript URI in the SRC attribute of an IMG element (ringid parameter) in next.cgi, stats.cgi, or list.cgi. Affected component: Ringlink 3.2; vulnerability class: cross-site scripting; impact per NVD me...

CVSS 4.3 · AI score 6 · EPSS 0.00877
Exploits 0 · References 9 · Affected Software 1