Lucene search
K

43 matches found

OSV
OSV
added 2015/08/12 9:10 a.m.9 views

SUSE-SU-2015:1379-1 Security update for MozillaFirefox

This security update bsc940918 fixes the following issues: MFSA 2015-78: CVE-2015-4495, bmo1178058: Same origin violation Remove PlayPreview registration from PDF Viewer bmo1179262...

8.8CVSS8.7AI score0.70226EPSS
Exploits8References3
RedHat Linux
RedHat Linux
added 2015/08/07 11:7 p.m.30 views

Mozilla: Same origin violation and local file stealing via PDF reader (MFSA 2015-78)

A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer PDF.js. An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files including...

8.8CVSS7.4AI score0.70226EPSS
Exploits8References8
The Hacker News
The Hacker News
added 2015/08/07 12:18 a.m.18 views

Warning! Update Mozilla Firefox to Patch Critical File Stealing Vulnerability

Earlier this week, Mozilla Security researcher Cody Crews discovered a malicious advertisement on a Russian news site that steals local files from a system and upload them to a Ukrainian server without the user ever knowing. The malicious advertisement was exploiting a serious vulnerability in...

7.1AI score
Exploits0
FreeBSD
FreeBSD
added 2015/08/06 12:0 a.m.30 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-78 Same origin violation and local file stealing via PDF reader...

8.8CVSS7.2AI score0.70226EPSS
Exploits8References1
OpenVAS
OpenVAS
added 2011/06/24 12:0 a.m.17 views

Mandriva Update for mozilla MDVSA-2011:111 (mozilla)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

8.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/07/21 12:0 a.m.45 views

openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-236)

This update brings Mozilla Thunderbird to version 2.0.0.17. It contains the following security fixes: MFSA 2008-46 / CVE-2008-4070: Heap overflow when canceling a newsgroup message MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters...

10CVSS8.6AI score0.43921EPSS
Exploits16References16
Tenable Nessus
Tenable Nessus
added 2009/07/21 12:0 a.m.27 views

openSUSE Security Update : seamonkey (seamonkey-238)

This patch updates SeaMonkey to version 1.1.12, fixing security and other bugs : MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before...

10CVSS8.5AI score0.43921EPSS
Exploits15References17
Tenable Nessus
Tenable Nessus
added 2009/07/21 12:0 a.m.55 views

openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-237)

This update brings mozilla-xulrunner181 to security fix version 1.8.1.17. It contains the following security fixes: MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters...

10CVSS8.4AI score0.43921EPSS
Exploits15References18
Mozilla
Mozilla
added 2009/04/21 12:0 a.m.63 views

Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString — Mozilla

Mozilla security researcher mozbugra4 reported that it is possible to create a document whose URI does not match the document's principal using XMLHttpRequest. This type of mismatch leads to incorrect results in principal-based security checks. An attacker could use this vulnerability to execute...

4.3CVSS2AI score0.01351EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2008/11/13 2:18 a.m.4 views

nsXMLHttpRequest:: NotifyEventListeners() same-origin violation

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...

7.5CVSS7.6AI score0.03029EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2008/11/13 12:0 a.m.35 views

RHEL 4 / 5 : firefox (RHSA-2008:0978)

The remote Redhat Enterprise Linux 4 / 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0978 advisory. - Mozilla buffer overflow in http-index-format parser CVE-2008-0017 - Mozilla crash and remote code execution via proto tampering...

10CVSS9.4AI score0.07677EPSS
Exploits1References28
Tenable Nessus
Tenable Nessus
added 2008/10/07 12:0 a.m.40 views

openSUSE 10 Security Update : seamonkey (seamonkey-5657)

This patch updates SeaMonkey to version 1.1.12, fixing security and other bugs : MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before...

10CVSS8.5AI score0.43921EPSS
Exploits15References16
Tenable Nessus
Tenable Nessus
added 2008/10/06 12:0 a.m.231 views

openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5655)

This update brings Mozilla Thunderbird to version 2.0.0.17. It contains the following security fixes: MFSA 2008-46 / CVE-2008-4070: Heap overflow when canceling a newsgroup message MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters...

10CVSS8.6AI score0.43921EPSS
Exploits16References15
FreeBSD
FreeBSD
added 2008/09/24 12:0 a.m.73 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports: MFSA 2008-37UTF-8 URL stack buffer overflow MFSA 2008-38nsXMLDocument::OnChannelRedirect same-origin violation MFSA 2008-39Privilege escalation using feed preview page and XSS flaw MFSA 2008-40Forced mouse drag MFSA 2008-41Privilege escalation via XPCnativeWrapper...

10CVSS9.5AI score0.43921EPSS
Exploits14References9
Mozilla
Mozilla
added 2008/09/23 12:0 a.m.42 views

nsXMLDocument::OnChannelRedirect() same-origin violation — Mozilla

Mozilla security researcher mozbugra4 reported that the same-origin check in nsXMLDocument::OnChannelRedirect could be bypassed. This vulnerability could be used to execute JavaScript in the context of a different website...

7.5CVSS1.6AI score0.02143EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2008/07/01 12:0 a.m.30 views

XSS through JavaScript same-origin violation — Mozilla

Mozilla contributor mozbugra4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack against arbitrary sites,...

4.3CVSS3.3AI score0.02009EPSS
Exploits1References2Affected Software2
RedHat Linux
RedHat Linux
added 2005/07/21 10:14 a.m.4 views

security flaw

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of t...

5CVSS5.8AI score0.03097EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2005/07/13 4:0 a.m.37 views

CVE-2005-2263

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of t...

5CVSS5.9AI score0.03097EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/07/13 4:0 a.m.25 views

CVE-2005-2263

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of t...

6.4AI score0.03097EPSS
Exploits1References18
CVE
CVE
added 2005/07/13 4:0 a.m.91 views

CVE-2005-2263

CVE-2005-2263 affects Firefox (before 1.0.5) and Mozilla (before 1.7.9). The issue arises in InstallTrigger.install: forcing a page navigation after the install method is called causes a callback to be executed in the context of the new page, resulting in a same-origin violation. This means a rem...

5CVSS6.4AI score0.03097EPSS
Exploits1References18Affected Software2
Rows per page
Query Builder