Lucene search
K

17 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.4 views

SUSE CVE-2020-15649

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ES...

5.5CVSS6.5AI score0.00721EPSS
Exploits0References2
NVD
NVD
added 2020/08/10 6:15 p.m.10 views

CVE-2020-15649

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ES...

5.5CVSS5.8AI score0.00721EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2020/08/10 5:43 p.m.42 views

CVE-2020-15649

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ES...

5.5CVSS5.4AI score0.00721EPSS
Exploits0
myhack58
myhack58
added 2019/07/13 12:0 a.m.293 views

17 years not to fix Firefox local file stealing vulnerability analysis-vulnerability warning-the black bar safety net

Recently, security researchers Barak Tawily of the homologous policy the Same Origin Policy attack carried out research and found that the Firefox browser due to file scheme URI to the same origin policy of improperly implemented, will lead to Firefox browser by the local file theft attack. Attac...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2019/07/03 3:39 p.m.1 views

17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer. Barak Tawily, an...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/08/07 11:7 p.m.29 views

Mozilla: Same origin violation and local file stealing via PDF reader (MFSA 2015-78)

A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer PDF.js. An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files including...

8.8CVSS7.4AI score0.70226EPSS
Exploits8References8
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

Apple Safari <= 3.2.x (XXE attack) Local File Theft Vulnerability

No description provided by source. Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts t...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/03/09 12:0 a.m.24 views

Ubuntu 7.10 : firefox-3.0 vulnerabilities (USN-717-2)

A flaw was discovered in the browser engine when restoring closed tabs. If a user were tricked into restoring a tab to a malicious website with form input controls, an attacker could steal local files on the user's system. CVE-2009-0355 Wladimir Palant discovered that Firefox did not restrict...

5.4CVSS8.3AI score0.01635EPSS
Exploits0References3
Mozilla
Mozilla
added 2012/11/20 12:0 a.m.45 views

evalInSanbox location context incorrectly applied — Mozilla

Mozilla security researcher mozbugra4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious we...

4.3CVSS1.2AI score0.03083EPSS
Exploits1References2Affected Software5
seebug.org
seebug.org
added 2009/11/12 12:0 a.m.24 views

WebKit XML External Entity Information Disclosure Vulnerability

No description provided by source. Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts t...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/06/11 12:0 a.m.12 views

Apple Safari &lt;= 3.2.x (XXE attack) Local File Theft Vulnerability

No description provided by source. Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts t...

7.1AI score
Exploits0
0day.today
0day.today
added 2009/06/09 12:0 a.m.13 views

Apple Safari <= 3.2.x (XXE attack) Local File Theft Vulnerability

Exploit for multiple platform in category remote exploits ================================================================= Apple Safari Below you should see the content of a local file, stolen by this evil web page. alertdocument.body.innerHTML; To mount the attack, the attacker would serve a we...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2009/06/09 12:0 a.m.45 views

Apple Safari local file theft vulnerability

Hi, Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts the XXE attack: !DOCTYPE doc...

0.9AI score
Exploits0
exploitpack
exploitpack
added 2009/06/09 12:0 a.m.13 views

Apple Safari 3.2.x - XML External Entity Local File Theft

Apple Safari 3.2.x - XML External Entity Local File Theft Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which include...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2009/06/09 12:0 a.m.21 views

Apple Safari XXE Local File Theft

Hi, Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts the XXE attack: Below you should...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/06/09 12:0 a.m.33 views

Apple Safari 3.2.x - XML External Entity Local File Theft

Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts the XXE attack: Below you should see...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2009/01/23 12:0 a.m.27 views

SuSE Update for MozillaFirefox SUSE-SA:2008:034

Check for the Version of MozillaFirefox OpenVAS Vulnerability Test $Id: gbsuse2008034.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for MozillaFirefox SUSE-SA:2008:034 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program i...

10CVSS0.8AI score0.13949EPSS
Exploits2References1
Rows per page
Query Builder