Lucene search
K

5 matches found

Cvelist
Cvelist
added 2008/12/17 11:0 p.m.24 views

CVE-2008-5503

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL...

9.5AI score0.01521EPSS
Exploits0References36
RedHat Linux
RedHat Linux
added 2008/12/17 1:20 a.m.4 views

Firefox 2 Information stealing via loadBindingDocument

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL...

2.6CVSS7.4AI score0.01521EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2008/10/01 3:33 p.m.6 views

Mozilla privilege escalation via XPCnativeWrapper pollution

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to 1 the document.loadBindingDocument...

7.5CVSS6.2AI score0.04802EPSS
Exploits1References4
securityvulns
securityvulns
added 2008/09/29 12:0 a.m.87 views

Mozilla Foundation Security Advisory 2008-41

Mozilla Foundation Security Advisory 2008-41 Title: Privilege escalation via XPCnativeWrapper pollution Impact: Critical Announced: September 23, 2008 Reporter: mozbugra4, Olli Pettay Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey...

7.5CVSS0.7AI score0.05077EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2008/09/24 1:42 a.m.4 views

Mozilla privilege escalation via XPCnativeWrapper pollution

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to 1 the document.loadBindingDocument...

7.5CVSS6.2AI score0.04802EPSS
Exploits1References4
Rows per page
Query Builder