17 matches found
SUSE CVE-2020-15649
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ES...
CVE-2020-15649
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ES...
CVE-2020-15649
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ES...
17 years not to fix Firefox local file stealing vulnerability analysis-vulnerability warning-the black bar safety net
Recently, security researchers Barak Tawily of the homologous policy the Same Origin Policy attack carried out research and found that the Firefox browser due to file scheme URI to the same origin policy of improperly implemented, will lead to Firefox browser by the local file theft attack. Attac...
17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device
Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer. Barak Tawily, an...
Mozilla: Same origin violation and local file stealing via PDF reader (MFSA 2015-78)
A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer PDF.js. An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files including...
Apple Safari <= 3.2.x (XXE attack) Local File Theft Vulnerability
No description provided by source. Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts t...
Ubuntu 7.10 : firefox-3.0 vulnerabilities (USN-717-2)
A flaw was discovered in the browser engine when restoring closed tabs. If a user were tricked into restoring a tab to a malicious website with form input controls, an attacker could steal local files on the user's system. CVE-2009-0355 Wladimir Palant discovered that Firefox did not restrict...
evalInSanbox location context incorrectly applied — Mozilla
Mozilla security researcher mozbugra4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious we...
WebKit XML External Entity Information Disclosure Vulnerability
No description provided by source. Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts t...
Apple Safari <= 3.2.x (XXE attack) Local File Theft Vulnerability
No description provided by source. Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts t...
Apple Safari local file theft vulnerability
Hi, Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts the XXE attack: !DOCTYPE doc...
Apple Safari XXE Local File Theft
Hi, Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts the XXE attack: Below you should...
Apple Safari 3.2.x - XML External Entity Local File Theft
Apple Safari 3.2.x - XML External Entity Local File Theft Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which include...
Apple Safari <= 3.2.x (XXE attack) Local File Theft Vulnerability
Exploit for multiple platform in category remote exploits ================================================================= Apple Safari Below you should see the content of a local file, stolen by this evil web page. alertdocument.body.innerHTML; To mount the attack, the attacker would serve a we...
Apple Safari 3.2.x - XML External Entity Local File Theft
Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts the XXE attack: Below you should see...
SuSE Update for MozillaFirefox SUSE-SA:2008:034
Check for the Version of MozillaFirefox OpenVAS Vulnerability Test $Id: gbsuse2008034.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for MozillaFirefox SUSE-SA:2008:034 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program i...