672 matches found
DEBIAN-CVE-2006-3808
Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig PAC servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object...
CVE-2006-3808
CVE-2006-3808 affects Mozilla Firefox (pre-1.5.0.5) and SeaMonkey (pre-1.0.3) where a malicious Proxy Auto-Config (PAC) script could set FindProxyForURL to an eval on a privileged object, enabling remote code execution with elevated privileges. Public advisories in connected docs confirm the PAC ...
CVE-2006-3808
Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig PAC servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object...
CVE-2006-3808
Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig PAC servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object...
PAC privilege escalation using Function.prototype.call — Mozilla
mozbugra4 reports that a malicious Proxy AutoConfig PAC server could serve a PAC script that can execute code with elevated privileges by setting the required FindProxyForURL function to the eval method on a privileged object that leaked into the PAC sandbox. By redirecting the victim to a...
mozilla -- multiple vulnerabilities
A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-56 chrome: scheme loading remote content MFSA 2006-55 Crashes with evidence of memory corruption rv:1.8.0.5 MFSA...
Privilege escalation using addSelectionListener — Mozilla
Web content could access the nsISelectionPrivate interface of the Selection object and use it to add a SelectionListener. The listener would be called when the user did a "Find" on the page or a "select all", and as intended this shouldn't cause any problems. But as with escaping the PAC sandbox ...
CVE-2005-3089
Summary of CVE-2005-3089: Firefox 1.0.6 is affected by a denial-of-service condition caused by a Proxy Auto-Config (PAC) script that uses an eval statement. The issue is specifically tied to Firefox 1.0.6 and may depend on whether an untrusted party triggers it; in the provided materials, this un...
security flaw
Firefox 1.0.6 allows attackers to cause a denial of service crash via a Proxy Auto-Config PAC script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability...
DMA[2005-0310a] - 'Frank McIngvale LuxMan buffer overflow'
DMA2005-0310a - 'Frank McIngvale LuxMan buffer overflow' Author: Kevin Finisterre Vendor: [email protected] broken Product: 'luxman' References: CAN-2005-0385 http://www.digitalmunition.com/DMA2005-0310a.txt http://www.debian.org/security/2005/dsa-693 Description: LuxMan is a Pac-Man clone for...
Frank McIngvale LuxMan 0.41 Local Buffer Overflow Exploit
Exploit for linux platform in category local exploits ========================================================= Frank McIngvale LuxMan 0.41 Local Buffer Overflow Exploit ========================================================= !/usr/bin/perl -w luxman exploit ii luxman 0.41-19.1 Pac-Man clone...
Frank McIngvale LuxMan 0.41 Local Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl -w luxman exploit ii luxman 0.41-19.1 Pac-Man clone svgalib based Tested with "security compat" set in /etc/vga/libvga.config on debian unstable 3.1 kfinisterre@jdam:$ ./luxmanex.pl LuxMan v0.41, Copyright c 1995 Frank McIngvale LuxMan comes with...