31 matches found
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
Security update for alpine (moderate)
openSUSE Security Update: Security update for alpine Announcement ID: openSUSE-SU-2021:0695-1 Rating: moderate References: 1173281 Cross-References: CVE-2020-14929 CVSS scores: CVE-2020-14929 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-14929 SUSE: 7.5...
CVE-2019-19916
In Midori Browser 0.5.11 on Windows 10, Content Security Policy CSP is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting XSS and other...
Gopher gophermap Scanner
This module identifies Gopher servers, and processes the gophermap file which lists all the files on the server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gopher gophermap Scanner',...
CVE-2016-2816
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy CSP protection mechanism via the multipart/x-mixed-replace content type...
UBUNTU-CVE-2016-2816
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy CSP protection mechanism via the multipart/x-mixed-replace content type...
Mozilla Thunderbird <= 2.0.0.14 DoS Vulnerability - Linux
Mozilla Thunderbird is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Outlook Express Malformed MIME Message DoS Vulnerability
Microsoft Outlook Express is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NOD32 Email Message Denial of Service Vulnerability
This host is installed with NOD32 Antivirus and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: gbnod32emailmessagedos.nasl 5370 2017-02-20 15:24:26Z cfi $ NOD32 E-mail message Denial of Service Vulnerability Authors: Sujit Ghosal Copyright: Copyright c 2008 Greenbone...
Opera Web Browser DoS attacks on MIME via malformed MIME emails (Windows)
The host is installed with Opera Web Browser and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gboperamimedosvulnwin.nasl 6532 2017-07-05 07:42:05Z cfischer $ Opera Web Browser DoS attacks on MIME via malformed MIME emails Windows Authors: Chandan S Copyright:...
Opera Web Browser 9.51 DoS Vulnerability - Windows
Opera Web Browser is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle 1 multipart/mixed e-mail messages with many MIME parts and possibly 2 e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a...
Design/Logic Flaw
ESet NOD32 2.70.0039.0000 does not properly handle 1 multipart/mixed e-mail messages with many MIME parts and possibly 2 e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service stack consumption or other resource consumption vi...