7001 matches found
Debian Security Advisory DSA 1337-1 (xulrunner)
The remote host is missing an update to xulrunner announced via advisory DSA 1337-1. OpenVAS Vulnerability Test $Id: deb13371.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1337-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian Security Advisory DSA 1339-1 (iceape)
The remote host is missing an update to iceape announced via advisory DSA 1339-1. OpenVAS Vulnerability Test $Id: deb13391.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1339-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian Security Advisory DSA 1338-1 (iceweasel)
The remote host is missing an update to iceweasel announced via advisory DSA 1338-1. OpenVAS Vulnerability Test $Id: deb13381.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1338-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian: Security Advisory (DSA-1338-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
jar: protocol XSS
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting XSS...
SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 3756)
This update brings Mozilla Firefox to security update version 2.0.0.4 - Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. MFSA 2007-1...
jar: protocol XSS
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting XSS...
Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-490-1)
Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2007-3734, CVE-2007-3735 Flaws were discovered in the JavaScript methods addEventListener and setTimeo...
Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-468-1)
Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2007-2867, CVE-2007-2868 A flaw was discovered in the form autocomplete feature. By tricking a user in...
GLSA-200710-31 : Opera: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200710-31 Opera: Multiple vulnerabilities Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients CVE-2007-5541. David Bloom discovered that when displaying frames from different...
Opera: Multiple vulnerabilities
Background Opera is a multi-platform web browser. Description Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients CVE-2007-5541. David Bloom discovered that when displaying frames from different websites, the same-origin policy is not correctly...
FreeBSD : opera -- multiple vulnerabilities (44224e08-8306-11dc-9283-0016179b2dd5)
An advisory from Opera reports : If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code. When accessing frames from...
Opera浏览器远程代码执行及绕过同源策略漏洞
BUGTRAQ ID: 26100,26102 CVECAN ID: CVE-2007-5540,CVE-2007-5541 Opera是一款流行的WEB浏览器,支持多种平台。 Opera的实现上存在多个漏洞,远程攻击者可能利用这些漏洞控制用户系统。 如果用户将Opera配置为使用外部新闻组客户端或邮件应用程序的话,特制的网页可能导致Opera错误地运行该应用程序,在某些情况下这可能导致执行任意指令。 在访问不同站点的帧的时候,特制的脚本可能绕过同源策略覆盖这些帧的函数。如果之后页面的脚本运行了这些函数的话,就可能导致在目标站点的环境中运行攻击者所提供的脚本。 Opera Softwar...
CVE-2007-5540
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors...
CVE-2007-5540
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors...
CVE-2007-5540
The provided documents confirm CVE-2007-5540 affects Opera (pre-9.24) and enables bypassing the same-origin policy when displaying frames from different sites. The root cause is described as an unspecified flaw in how Opera handles cross-domain frames, allowing remote attackers to overwrite funct...
CVE-2007-5540
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors...
openSUSE 10 Security Update : seamonkey (seamonkey-3984)
This update fixes several security issues in Mozilla SeaMonkey 1.1.3. Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven't been proven to be exploitable. 25 were in...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3541)
This update brings Mozilla Firefox to security update version 2.0.0.4 This is a major upgrade from the Firefox 1.5.0.x line for SUSE Linux 10.0. - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content...