655 matches found
Fedora Core 5 : mozilla-1.7.13-1.1.fc5 (2006-487)
Updated mozilla packages that fix several security bugs are now available. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs...
GLSA-200701-08 : Opera: Two remote code execution vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200701-08 Opera: Two remote code execution vulnerabilities Christoph Deal discovered that JPEG files with a specially crafted DHT marker can be exploited to cause a heap overflow. Furthermore, an anonymous person discovered that...
CVE-2006-6501
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function...
Mozilla Foundation Security Advisory 2006-70
Mozilla Foundation Security Advisory 2006-70 Title: Privilege escalation using watch point Impact: Critical Announced: December 19, 2006 Reporter: shutdown Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.1 Firefox 1.5.0.9 Thunderbird 1.5.0.9 SeaMonkey 1.0.7 Description Shutdown...
security flaw
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function...
midiripoff.txt
lintah|adv|15@2006 php b/d. Indonesian Cyber-Terrorist Grey Hats. iFX a.k.a inversFX, ifx@..., locate: Indonesia, Jakarta...
Web 2.0 attack trend: Ajax Hacking - vulnerability warning - the black bar safety net
At the beginning of 05, as the term Web 2.0 flooded China's major online media, Ajax technology emerged. AJAX, i.e. the acronym for "Asynchronous JavaScript And XML", can be translated as asynchronous JavaScript and XML technology. At its core is a host in the browser called...
Update Protection against C-News 'path' Parameter File Inclusion Vulnerability
C-News, a script executed in XHTML/CSS that webmasters use for easy PHP and JavaScript presentation, is prone to a remote file inclusion vulnerability. An attacker can exploit this vulnerability to execute arbitrary PHP code on an affected system via a maliciously crafted URL in the 'path'...
CVE-2006-4565
Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."...
Mozilla Firefox JavaScript Navigator object vulnerability
Added: 08/14/2006 CVE: CVE-2006-3677 BID: 19192 OSVDB: 27559 Background When used in a web page, Java references properties of the window.navigator object as it starts up in Firefox or SeaMonkey. Problem If a web page replaces the navigator object before starting Java, then the page could cause t...
CVE-2006-3801
CVE-2006-3801 affects Mozilla Firefox 1.5 (pre-1.5.0.5) and SeaMonkey (pre-1.0.3). The vulnerability arises from a JavaScript reference to a frame or window that isn’t properly cleared when content is destroyed, leaving a pointer to a deleted object. This can enable remote attackers to execute ar...
Mozilla products fail to properly handle frame references
Overview Mozilla products fail to properly handle frame or window references. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description JavaScript references are not properly cleared after an object is deleted. An attacker may be able to use the reference to a...
Kil13r-SA-20060701-2.txt
Title: Kil13r-SA-20060701-2 MoniWiki 1.1.1 Cross-Site Scripting Vulnerability Author: Kil13r - http://www.kil13r.info/ Local / Remote: Remote Timeline: 2006/06/28 - Discovery 2006/06/28 - Vendor notification 2006/06/30 - Vendor notification 2006/07/01 - Release Affected version: MoniWiki 1.1.1 or...
CVE-2006-3224
CVE-2006-3224 affects Apple Safari 2.0.3 (417.9.3) running on Mac OS X 10.4.6. The issue allows remote attackers to trigger high CPU usage and denial of service by executing JavaScript containing an infinite for loop. The description notes this might not constitute a vulnerability outside Safari’...
mozThunDoS.txt
Mozilla Thunderbird : Remote Code Execution & Denial of Service //----- Advisory Program : Mozilla Thunderbird Homepage : http://www.mozilla.com/thunderbird/ Tested version : Denial of service application crash : iframe src="javascript:parent.document.write'Found by www.s...
Malicious setRequestHeader cross-site vulnerability
A malicious setRequestHeader can be used to steal user credentials and inject cross-site JavaScript...
CVE-2002-2101
Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag...
CVE-2004-1686
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer Activ...
CVE-2005-0146
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation...
Netscape Navigator 7.2 - Infinite Array Sort Denial of Service
source: https://www.securityfocus.com/bid/12331/info Netscape Navigator is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service...