89 matches found
Location object can be shadowed using Object.defineProperty — Mozilla
Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting XSS attacks...
Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1213-1)
Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. CVE-2011-2995, CVE-2011-2996 Boris Zbarsky...
Mozilla Foundation Security Advisory 2010-10
Mozilla Foundation Security Advisory 2010-10 Title: XSS via plugins and unprotected Location object Impact: High Announced: March 23, 2010 Reporter: Blake Kaplan Products: Firefox 3.6 Fixed in: Firefox 3.6.2 Description Mozilla developer Blake Kaplan reported that the window.location object was...
XSS via plugins and unprotected Location object — Mozilla
Mozilla developer Blake Kaplan reported that the window.location object was made a normal overridable JavaScript object in the Firefox 3.6 browser engine Gecko 1.9.2 because new mechanisms were developed to enforce the same-origin policy between windows and frames. This object is unfortunately al...
CVE-2009-1702
Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects...
Opera remote location object cross-domain scripting vulnerability
The remote host contains a web browser that is affected by multiple flaws. Description : The remote host is using Opera, an alternative web browser. This version of Opera on the remote host fails to block write access to the SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might...
CVE-2004-2570
Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user...
Opera < 7.54.0 Remote Location Object XSS
Binary data 1774.prm...
Opera: Location, Location, Location
GreyMagic Security Advisory GM008-OP ===================================== By GreyMagic Software, 05 Aug 2004. Available in HTML format at http://www.greymagic.com/security/advisories/gm008-op/. Topic: Location, Location, Location. Discovery date: 19 Jul 2004. Affected applications:...