280 matches found
CVE-2016-1958
browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL...
Microsoft Windows Media Player 7.0 Javascript URL Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2167/exploit Windows Media Player is an application used for digital audio, and video content viewing. It can be embedded in webpages as an ActiveX control. It is possible to execute a javascript URL from within the Windo...
CVE-2013-2583
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested...
Mandriva Linux Security Advisory : otrs (MDVSA-2013:112)
Updated otrs package fixes security vulnerabilities : Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allo...
CVE-2012-4203
The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark...
CVE-2012-4751
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC...
Firefox < 14.0 Multiple Vulnerabilities
The installed version of Firefox is earlier than 14.0 and thus, is potentially affected by the following security issues : - Several memory safety issues exist, some of which could potentially allow arbitrary code execution. CVE-2012-1948, CVE-2012-1949 - An error related to drag and drop can all...
SeaMonkey < 2.11.0 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.11.0. Such versions are potentially affected by the following security issues : - Several memory safety issues exist, some of which could potentially allow arbitrary code execution. CVE-2012-1948, CVE-2012-1949 - Several memory safety issues...
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1510-1)
Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly explo...
Mozilla: feed: URLs with an innerURI inherit security context of page (MFSA 2012-55)
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL...
Mozilla Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities
Mozilla: Escalation of privilege with Javascript: URL as home page (MFSA 2012-16)
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which...
Mozilla: XSS with Drag and Drop and Javascript: URL (MFSA 2012-13)
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote...
CVE-2011-3887
CVE-2011-3887 affects Google Chrome prior to 15.0.874.102; the issue stems from improper handling of javascript: URLs, allowing remote attackers to bypass access restrictions and read cookies via unspecified vectors. Multiple Nessus/OpenVAS entries referencing CVE-2011-3887 corroborate browser-re...
CVE-2011-1058
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/textrst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some...
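Mozilla Firefox Modal Call Cross-Domain Information Disclosure Vulnerability
BUGTRAQ ID: 44252 CVE(CAN) ID: CVE-2010-3178 Firefox is a very popular open-source web browser. If a web page opens a new window and uses a javascript: URL to make a modal call, such as alert, and the page is then navigated to a different domain, then once the modal call returns, the opener of the window can access objects in the navigated-to window. This violates the same-origin policy and allows a user to steal sensitive information from other websites. Mozilla Firefox 3.6.x Mozilla Firefox 3.5.x Mozilla Thunderbird 3.1.x Mozilla Thunderbird 3.0.x Mozilla...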
Design/Logic Flaw
Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click."...
CVE-2010-2662
Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click."...