Lucene search

524 matches found

Cvelist
added 2007/12/28 9:0 p.m. 26 views

CVE-2007-6589

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different...

AI score 5.7, EPSS 0.00583
Exploits 0, References 8
CVE
added 2007/12/28 9:0 p.m. 61 views

CVE-2007-6589

CVE-2007-6589 affects Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7. The jar protocol handler fails to update the origin when an inner URL parameter yields an HTTP redirect, enabling remote XSS via a jar: URI. No exploitation details are provided in the documents. Remediation: upgrad...

CVSS 4.3, AI score 5.6, EPSS 0.00583
Exploits 0, References 8, Affected Software 2
seebug.org
added 2007/12/26 12:0 a.m. 31 views

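Microsoft Outlook Express MHTML URL Parsing Information Disclosure Vulnerability (MS07-034)

BUGTRAQ ID: 24392 CVE(CAN) ID: CVE-2007-2225 Outlook Express is the mail and newsgroup client bundled with the Microsoft Windows operating system. The Windows MHTML protocol handler does not correctly interpret HTTP headers when returning MHTML content, which may allow Internet Explorer to bypass domain restrictions. An attacker can exploit this vulnerability by constructing a specially crafted web page. If a user views the page with Internet Explorer, the vulnerability may allow information disclosure. An attacker who successfully exploits this vulnerability can read data from another Internet Explorer domain. Microsoft Outlook Express 6.0...

CVSS 4.3, AI score 6.4, EPSS 0.51855
Exploits 1
NVD
added 2007/12/17 6:46 p.m. 7 views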

CVE-2007-6409

The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic...

CVSS 4.3, AI score 6.7, EPSS 0.00484
Exploits 0, References 2
Prion
added 2007/12/17 6:46 p.m. 12 views

Design/Logic Flaw

The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic...

CVSS 4.3, AI score 7.2, EPSS 0.00484
Exploits 0, References 2
CVE
added 2007/12/17 6:0 p.m. 38 views

CVE-2007-6409

The CVE-2007-6409 entry concerns the gg protocol handler in Gadu-Gadu. When installed but not running, it does not properly handle the skin attribute, allowing remote attackers to cause a denial of service through unspecified network traffic, resulting in resource consumption. The vulnerability a...

CVSS 4.3, AI score 6.7, EPSS 0.00484
Exploits 0, References 2, Affected Software 1
Cvelist
added 2007/12/17 6:0 p.m. 16 views

CVE-2007-6409

The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic...

AI score 6.7, EPSS 0.00484
Exploits 0, References 2
Tenable Nessus
added 2007/12/13 12:0 a.m. 22 views

SuSE 10 Security Update : opal (ZYPP Patch Number 4519)

A bug in the SIP protocol handler could be exploited by attackers to crash applications using opal. CVE-2007-4924 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

CVSS 5, AI score 5.3, EPSS 0.23131
Exploits 6, References 2
CERT
added 2007/11/24 12:0 a.m. 55 views

Apple QuickTime RTSP Content-Type header stack buffer overflow

Overview: Apple QuickTime contains a stack buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description: Real Time Streaming Protocol (RTSP) is a protocol that is used by streaming media systems. The Appl...

CVSS 9.3, AI score 7, EPSS 0.84254
Exploits 10, References 14
Prion
added 2007/11/14 1:46 a.m. 15 views

Cross site scripting

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS)...

CVSS 4.3, AI score 5.4, EPSS 0.07915
Exploits 0, References 61, Affected Software 2
NVD
added 2007/11/14 1:46 a.m. 20 views

CVE-2007-5947

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS)...

CVSS 4.3, AI score 5.6, EPSS 0.07915
Exploits 0, References 61
UbuntuCve
added 2007/11/14 1:46 a.m. 27 views

CVE-2007-5947

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS)...

CVSS 4.3, AI score 5.9, EPSS 0.07915
Exploits 0, References 2
Cvelist
added 2007/11/14 1:0 a.m. 21 views

CVE-2007-5947

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS)...

AI score 5.6, EPSS 0.07915
Exploits 0, References 61
Tenable Nessus
added 2007/10/25 12:0 a.m. 46 views

CentOS 4 / 5 : firefox (CESA-2007:0979)

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way i...

CVSS 9.3, AI score 8.4, EPSS 0.21702
Exploits 6, References 14
Cent OS
added 2007/10/20 6:6 p.m. 72 views

thunderbird security update

CentOS Errata and Security Advisory CESA-2007:0981 Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a...

CVSS 9.3, AI score 5.8, EPSS 0.21702
Exploits 6, References 8
RedHat Linux
added 2007/10/19 3:58 p.m. 50 views

Critical: Red Hat Security Advisory: seamonkey security update

Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client...

CVSS 9.3, AI score 6, EPSS 0.21702
Exploits 6, References 2
RedHat Linux
added 2007/10/19 3:45 p.m. 54 views

Moderate: Red Hat Security Advisory: thunderbird security update

Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws wer...

CVSS 9.3, AI score 5.8, EPSS 0.21702
Exploits 6, References 2
Mozilla
added 2007/10/18 12:0 a.m. 35 views

URIs with invalid %-encoding mishandled by Windows — Mozilla

On Windows XP with Internet Explorer 7 installed several "web related" URI schemes do not launch the registered protocol-handler if the URI contains an invalid %-encoded sequence. This was initially reported by Billy Rios and Nate McFeters with additional investigation by Secunia. A patch that...

CVSS 9.3, AI score 6.1, EPSS 0.09259
Exploits 0, References 3, Affected Software 3
Prion
added 2007/09/18 10:17 p.m. 4 views

Design/Logic Flaw

Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, whic...

CVSS 5, AI score 7.2, EPSS 0.00465
Exploits 0, References 5, Affected Software 1
CVE
added 2007/09/18 10:0 p.m. 38 views

CVE-2007-4960

The CVE-2007-4960 entry concerns an argument-injection vulnerability in Linden Lab’s Second Life secondlife:// protocol handler, used by Internet Explorer (and possibly Firefox). The issue allows a remote attacker to craft a sequence consisting of a quote space ('" ') followed by -autologin and -...

CVSS 5, AI score 6.7, EPSS 0.00465
Exploits 0, References 5, Affected Software 1