Debian Security Advisory DSA 1671-1 (iceweasel)

The remote host is missing an update to iceweasel announced via advisory DSA 1671-1. OpenVAS Vulnerability Test $Id: deb16711.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1671-1 iceweasel Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Mozilla -moz-binding property bypasses security checks on codebase principals

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file...