Lucene search
+L

89 matches found

Mozilla
Mozilla
added 2012/08/28 12:0 a.m.53 views

Location object can be shadowed using Object.defineProperty — Mozilla

Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting XSS attacks...

4.3CVSS8.4AI score0.01888EPSS
Exploits0References2Affected Software5
Tenable Nessus
Tenable Nessus
added 2011/09/29 12:0 a.m.35 views

Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1213-1)

Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. CVE-2011-2995, CVE-2011-2996 Boris Zbarsky...

10CVSS8.8AI score0.04379EPSS
Exploits2References6
securityvulns
securityvulns
added 2010/04/06 12:0 a.m.44 views

Mozilla Foundation Security Advisory 2010-10

Mozilla Foundation Security Advisory 2010-10 Title: XSS via plugins and unprotected Location object Impact: High Announced: March 23, 2010 Reporter: Blake Kaplan Products: Firefox 3.6 Fixed in: Firefox 3.6.2 Description Mozilla developer Blake Kaplan reported that the window.location object was...

4.3CVSS0.9AI score0.01566EPSS
Exploits1
Mozilla
Mozilla
added 2010/03/23 12:0 a.m.36 views

XSS via plugins and unprotected Location object — Mozilla

Mozilla developer Blake Kaplan reported that the window.location object was made a normal overridable JavaScript object in the Firefox 3.6 browser engine Gecko 1.9.2 because new mechanisms were developed to enforce the same-origin policy between windows and frames. This object is unfortunately al...

4.3CVSS1.1AI score0.01566EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2009/06/10 6:0 p.m.23 views

CVE-2009-1702

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects...

4.3CVSS6.4AI score0.0268EPSS
Exploits2References14
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.23 views

Opera remote location object cross-domain scripting vulnerability

The remote host contains a web browser that is affected by multiple flaws. Description : The remote host is using Opera, an alternative web browser. This version of Opera on the remote host fails to block write access to the SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might...

5CVSS6.6AI score0.02989EPSS
Exploits1References3
NVD
NVD
added 2004/12/31 5:0 a.m.24 views

CVE-2004-2570

Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user...

5CVSS6.6AI score0.02989EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.13 views

Opera < 7.54.0 Remote Location Object XSS

Binary data 1774.prm...

5CVSS7.3AI score0.02989EPSS
Exploits1References1
securityvulns
securityvulns
added 2004/08/06 12:0 a.m.36 views

Opera: Location, Location, Location

GreyMagic Security Advisory GM008-OP ===================================== By GreyMagic Software, 05 Aug 2004. Available in HTML format at http://www.greymagic.com/security/advisories/gm008-op/. Topic: Location, Location, Location. Discovery date: 19 Jul 2004. Affected applications:...

6.7AI score
Exploits0
Rows per page
Query Builder