CVE-2010-1236

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting...

CVE-2010-1236

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting...

openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-382)

The Mozilla XULRunner engine was updated to version 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin...

openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-383)

The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used t...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)

The Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content...

Debian: Security Advisory (DSA-1704-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 1704-1] New xulrunner packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-1704 [email protected] http://www.debian.org/security/ Steffen Joeris January 14, 2009 http://www.debian.org/security/faq -...

DSA-1704-1 xulrunner - several vulnerabilities

Bulletin has no description...

Firefox Cross-domain data theft via script redirect error message

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...

Mozilla Thunderbird < 2.0.0.19 Multiple Vulnerabilities

The installed version of Thunderbird is earlier than 2.0.0.19. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. MFSA 2008-60 - XBL bindings can be used ...

Mozilla Firefox < 2.0.0.20 Cross-Domain Data Theft

Binary data 4796.prm...

Design/Logic Flaw

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...

CVE-2008-5507

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...

SeaMonkey < 1.1.14 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 1.1.14. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. MFSA 2008-60 - XBL bindings can be used to rea...

Fast Forward can allow cross-site scripting

If a link that uses a JavaScript URL triggers Opera's Fast Forward feature, when the user activates Fast Forward, the script should run on the current page. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can b...

Fast Forward can allow cross-site scripting – Opera Security Advisories

Fast Forward can allow cross-site scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Platforms All desktop versions Problem Description If a link that uses a JavaScript URL triggers Opera’s Fast Forward feature, when the user activates Fast Forward, the...

Opera Web浏览器HTML注入及跨站脚本漏洞

BUGTRAQ ID: 31842 Opera是一款流行的WEB浏览器，支持多种平台。 Opera的9.61之前版本中的多个安全漏洞可能允许恶意用户执行脚本注入攻击、绕过某些安全限制或泄露敏感信息。 1 History Search功能没有正确地过滤某些输入，用户在查看恶意数据时可能在用户的浏览器会话中注入任意HTML和脚本代码，导致泄露之前所访问的页面。 2 实现Fast Forward功能中的错误可能允许通过特制的JavaScript URL在受限制的帧中执行任意脚本代码。 3 在预览新闻源期间时阻断脚本存在错误，可能导致泄露所订阅新闻源的内容，或将用户订阅到任意的新闻源。 Oper...

opera -- multiple vulnerabilities

Opera reports: Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to look through the user's browsing history, including the contents of the pages they have visited. These may contain sensitive...

CVE-2002-2314

Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail...

CVE-2002-2230

CVE-2002-2230 describes an XSS vulnerability in Ikonboard 3.1.1 where remote attackers can inject arbitrary script via a private message containing a javascript: URL in an IMG tag, with the URL ending in ".gif" or ".jpg". The connected Red Hat CVE entry confirms this issue as a cross-site scripti...