Lucene search

248 matches found

OSV
added 2015/04/01 12:0 a.m. · 1 views

UBUNTU-CVE-2015-0816

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...

5 CVSS · 7.6 AI score · 0.8537 EPSS
Exploits 3 · References 5

CNVD
added 2015/03/09 12:0 a.m. · 1 views

Google Chrome Blink Denial of Service Vulnerability (CNVD-2015-01502)

Google Chrome is a popular web browser. A security vulnerability in the 'getHiddenProperty' function in the bindings/core/v8/V8EventListenerList.h file in Blink used by Google Chrome can be exploited by a remote attacker to crash the application using specially crafted JavaScript code to crash th...

7.5 CVSS · 7 AI score · 0.01726 EPSS
Exploits 0 · References 1

CNVD
added 2015/01/29 12:0 a.m. · 1 views

Google Chrome Denial of Service Vulnerability (CNVD-2015-00819)

Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in the components/navigationinterception/interceptnavigationresourcethrottle.cc file in versions of Google Chrome prior to 40.0.2214.91, which stems from the program's failure to restri...

4.3 CVSS · 6.6 AI score · 0.00583 EPSS
Exploits 0 · References 1

ThreatPost
added 2014/08/07 10:0 a.m. · 68 views

Epic Operation Kicks Off Multistage Turla APT Campaign

The Turla APT campaign has baffled researchers for months as to how its victims are compromised. Peaking during the first two months of the year, Turla has targeted municipal governments, embassies, militaries and other high-value targets worldwide, with particular concentrations in the Middle Ea...

10 CVSS · 1.5 AI score · 0.89557 EPSS
Exploits 24 · References 6

seebug.org
added 2014/07/01 12:0 a.m. · 21 views

atmail email server appliance 6.4 - Stored XSS - csrf - rce

No description provided by source. Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail administrative interface open, we can call a remote JavaScript file that will...

7.1 AI score
Exploits 0

ATTACKERKB
added 2014/03/19 10:55 a.m. · 2 views

CVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...

9.8 CVSS · 8 AI score · 0.71088 EPSS
Exploits 5 · References 16

RedHat Linux
added 2013/01/08 9:10 p.m. · 1 views

Mozilla: Chrome Object Wrapper (COW) bypass through plugin objects (MFSA 2013-15)

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging...

9.3 CVSS · 7.7 AI score · 0.87365 EPSS
Exploits 4 · References 5

Packet Storm
added 2012/11/20 12:0 a.m. · 23 views

Penske Media Corporation Cross Site Scripting

Title : Penske Media Corporation reflected Cross Site Scripting XSS vulnerabilities Vendor : Penske Media Corporation http://www.pmc.com/ Description : Multiple PMC web-sites are vulnerable to...

0.2 AI score
Exploits 0

exploitpack
added 2012/07/21 12:0 a.m. · 15 views

AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Remote Code Execution

AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Remote Code Execution Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail...

0.5 AI score
Exploits 0

0day.today
added 2012/07/21 12:0 a.m. · 16 views

Atmail Email Server Appliance 6.4 Stored XSS - CSRF - RCE

Exploit for linux platform in category remote exploits Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail administrative interface open, we can call a remote JavaScrip...

7.1 AI score
Exploits 0

RedHat Linux
added 2010/12/09 11:7 p.m. · 1 views

Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute...

6.8 CVSS · 7.6 AI score · 0.01046 EPSS
Exploits 0 · References 4

RedHat Linux
added 2009/09/09 11:22 p.m. · 3 views

Firefox 3.5.3 3.0.14 Chrome privilege escalation with FeedWriter

Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter...

10 CVSS · 7.7 AI score · 0.0151 EPSS
Exploits 0 · References 4

Cvelist
added 2009/06/10 5:37 p.m. · 17 views

CVE-2009-1704

CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file...

7.2 AI score · 0.02364 EPSS
Exploits 2 · References 8

securityvulns
added 2009/04/10 12:0 a.m. · 52 views

IBM BladeCenter Advanced Management Module Multiple vulnerabilities

Louhi Networks Information Security Research Security Advisory Advisory: IBM BladeCenter Advanced Management Module Multiple vulnerabilities XSS type 2 & 1, CSRF, Information Disclosure Release Date: 2009-04-09 Last Modified: 2009-04-09 Authors: Henri Lindberg [email protected], CISA Device...

0.2 AI score
Exploits 0

Positive Technologies
added 2008/12/17 12:0 a.m. · 1 views

PT-2008-6571 · Mozilla +1 · Firefox +1

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 2.0.0.19 Description: An issue in Mozilla Firefox allows remote attackers to run arbitrary JavaScript with chrome privileges. This is related to vectors involving the feed preview. Recommendations: For version...

10 CVSS · 9.5 AI score · 0.06165 EPSS
Exploits 1 · References 30

myhack58
added 2008/12/01 12:0 a.m. · 14 views

JSON Hijacking of use as well as Web API security-vulnerability warning-the black bar safety net

by:cosine JSON Hijacking what role, as a black brother said, You can CSRF to give the user privacy data: a. The principle of the last presentation, first take a attack example, take the meal to do an experiment. First of all, we see this:http://help.fanfou.com/api.html. Rice no API. Wherein:...

7.3 AI score
Exploits 0

RedHat Linux
added 2007/10/19 3:58 p.m. · 1 views

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client...

6.8 CVSS · 5.9 AI score · 0.04419 EPSS
Exploits 0 · References 4

RedHat Linux
added 2007/02/23 9:6 p.m. · 2 views

security flaw

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which...

6.8 CVSS · 6.2 AI score · 0.0317 EPSS
Exploits 1 · References 4

RedHat Linux
added 2006/11/08 8:46 a.m. · 1 views

security flaw

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing...

7.5 CVSS · 6.1 AI score · 0.08528 EPSS
Exploits 0 · References 4

Positive Technologies
added 2006/09/06 12:0 a.m. · 1 views

PT-2006-5354 · Mozilla · Firefox

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox version 1.5.0.6 Description: The issue allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server. This can be achieved by hosting a script on an...

7.5 CVSS · 6.8 AI score · 0.01048 EPSS
Exploits 1 · References 5