97 matches found
iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error
Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error iDEFENSE Security Advisory 02.28.05 www.idefense.com/application/poi/display?id=200&type=vulnerabilities February 28, 2005 I. BACKGROUND Mozilla is an open-source web browser, designed for standards compliance,...
Browser responds to proxy auth request from non-proxy server (ssl/https) — Mozilla
If a proxy is configured the browser would respond to a 407 proxy auth request from any SSL-connected server rather than only responding to the configured proxy server. This could leak NTLM or SPNEGO credentials outside the organization...
isec-0020-mozilla.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Synopsis: Heap overflow in Mozilla Browser Date: Dec 29, 2004 Issue: ====== A critical security vulnerability has been found in Mozilla Project code handling NNTP protocol. Details: ======== Mozilla browser supports NNTP urls. Remote side is able to...
Mozilla Browser <= 1.7.3 NNTP Code Heap Overflow (PoC)
Exploit for unknown platform in category dos / poc ====================================================== Mozilla Browser i = "news://news.individual.net/AAAAAAAAAAAAAA?"; forl = 0; l 0day.today 2018-02-09...
Heap overflow in Mozilla Browser <= 1.7.3 NNTP code.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Synopsis: Heap overflow in Mozilla Browser = 1.7.3 NNTP code. Product: Mozilla Browser Version: = 1.7.3 Vendor: http://www.mozilla.org/ URL: http://isec.pl/vulnerabilities/isec-0020-mozilla.txt CVE: not assigned Author: Maurycy Prodeus [email protected]...
mozilla -- heap overflow in NNTP handler
Maurycy Prodeus reports a critical vulnerability in Mozilla-based browsers: Mozilla browser supports NNTP urls. Remote side is able to trigger news:// connection to any server. I found a flaw in NNTP handling code which may cause heap overflow and allow remote attacker to execute arbitrary code o...
Mozilla status elements can be disabled via JavaScript
Overview Mozilla allows websites to disable various browser status elements. This allows websites to create spoofed dialogs using XUL. Description Certain Mozilla web browser status elements, such as the address bar, status bar, and navigation controls, can be disabled remotely by web sites using...
Mozilla Multiple Products XPInstall Arbitrary File Overwrite
The remote host is using Mozilla and/or Firefox, an alternative web browser. The version of this software is prone to an improper file permission setting. This flaw only exists if the browser is installed by the Mozilla Foundation package management, therefore, this alert might be a false positiv...
Mozilla Browser 1.7.x - Non-ASCII Hostname Heap Overflow
source: https://www.securityfocus.com/bid/11169/info Mozilla is prone to a remotely exploitable heap overflow that is exposed when the browser handles non-ASCII characters in URIs. This issue could be exploited by enticing a user to open a hyperlink that references a malicious URI. Successful...
Mozilla Browser 1.7.x - Non-ASCII Hostname Heap Overflow
Mozilla Browser 1.7.x - Non-ASCII Hostname Heap Overflow source: https://www.securityfocus.com/bid/11169/info Mozilla is prone to a remotely exploitable heap overflow that is exposed when the browser handles non-ASCII characters in URIs. This issue could be exploited by enticing a user to open a...
Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities
Background Mozilla is a popular web browser that includes a mail and newsreader. Galeon and Epiphany are both web browsers that use gecko, the Mozilla rendering engine. Mozilla Firefox is the next-generation browser from the Mozilla project that incorporates advanced features that are yet to be...
Mozilla OnUnload Referer Information Leakage Race Condition Information Disclosure (deprecated)
Binary data 1316.prm...
Mozilla Browser HTTP/HTTPS Redirection Weakness (deprecated)
Binary data 1319.prm...
Mozilla Browser 'onclick' Property Cross Domain Violation (deprecated)
Binary data 1323.prm...
Mozilla JAR File Decompression Heap Overflow (deprecated)
Binary data 1322.prm...
Mozilla Browser Large HTTP Header Handling Overflow (deprecated)
Binary data 1321.prm...
CVE-2004-0779
The 1 Mozilla 1.6, 2 Firebird 0.7 and 3 Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site...
CVE-2004-0779
The 1 Mozilla 1.6, 2 Firebird 0.7 and 3 Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site...
CVE-2004-0718
The 1 Mozilla 1.6, 2 Firebird 0.7, 3 Firefox 0.8, and 4 Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability...
Mozilla Browser 0.8/0.9/1.x - Refresh Security Property Spoofing
source: https://www.securityfocus.com/bid/10796/info Mozilla and Firefox may permit malicious Web pages to spoof security properties of a trusted site. An attacker can exploit this issue to spoof the URI and SSL certificate of a site trusted by an unsuspecting user. The attacker can then use this...