security flaw

The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a tag with a javascript: URL in the href attribute, aka "Firelinking."...

security flaw

Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option...

security flaw

Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option...

CVE-2005-0752

The Plugin Finder Service PFS in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag...

CVE-2005-0752

The Plugin Finder Service PFS in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag...

CVE-2005-1153

CVE-2005-1153 affects Firefox before 1.0.3 and Mozilla Suite before 1.7.7. When a popup is blocked, a javascript: URL executed via the user-visible Show javascript option can lead to remote code execution. The issue is documented in multiple advisories (e.g., RHSA-2005:383/384/386) and affected F...

CVE-2005-1153

Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option...

CVE-2005-0752

The CVE-2005-0752 entry describes a remote code execution via the Plugin Finder Service (PFS) in Firefox, affected when a javascript: URL is used in the PLUGINSPAGE attribute of an EMBED tag. The vulnerability is tied to Firefox versions before 1.0.3, with an exploit occurring through a crafted E...

Arbitrary code execution from Firefox sidebar panel II — Mozilla

Sites can use the search target to open links in the Firefox sidebar. Two missing security checks allow malicious scripts to first open a privileged page such as about:config and then inject script using a javascript: url. This could be used to install malicious code or steal data without user...

CVE-2005-1016

Cross-site scripting XSS vulnerability in linksaddform.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URL in a banner URL...

CVE-2002-2314

Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail...

CVE-2002-0783

CVE-2002-0783 affects Opera versions 5.12, 6.0, and 6.01. The vulnerability lets a remote attacker execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL. The underlying flaw is exposure of frame/iframe navigation to a...

Cookie protection bypass in Mozilla

It's possible to obtain cookie by spoofing valid hostname in javascript: URL. For example f.location = "javascript://www.google.com/n"+ "'body onload=alertdocument.cookie'";...

CVE-2002-0346

Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to 1 service.cgi or 2 alert.cgi...

Crossite scripting in Opera

javascript: URL is executed in context of previously loaded page...

CVE-2000-0958

HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window...

Microsoft Windows Media Player 7.0 - JavaScript URL

Microsoft Windows Media Player 7.0 - JavaScript URL source: https://www.securityfocus.com/bid/2167/info Windows Media Player is an application used for digital audio, and video content viewing. It can be embedded in webpages as an ActiveX control. It is possible to execute a javascript URL from...

Проблема в Internet Explorer (HTTP-redirect)

Internet Explorer выпадает при получении редирект на URL типа javascript:...

CVE-2000-0958

HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window...

CVE-1999-0347

Affected software: Internet Explorer 4.01. Type of issue: remote read of local files and ability to spoof web pages via a "%01" character in an about: JavaScript URL, which makes IE use the domain specified after the character. Underlying cause: parsing/URL handling in about: URLs allows domain o...