43 matches found
SUSE-SU-2015:1379-1 Security update for MozillaFirefox
This security update bsc940918 fixes the following issues: MFSA 2015-78: CVE-2015-4495, bmo1178058: Same origin violation Remove PlayPreview registration from PDF Viewer bmo1179262...
Mozilla: Same origin violation and local file stealing via PDF reader (MFSA 2015-78)
A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer PDF.js. An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files including...
Warning! Update Mozilla Firefox to Patch Critical File Stealing Vulnerability
Earlier this week, Mozilla Security researcher Cody Crews discovered a malicious advertisement on a Russian news site that steals local files from a system and upload them to a Ukrainian server without the user ever knowing. The malicious advertisement was exploiting a serious vulnerability in...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-78 Same origin violation and local file stealing via PDF reader...
Mandriva Update for mozilla MDVSA-2011:111 (mozilla)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-236)
This update brings Mozilla Thunderbird to version 2.0.0.17. It contains the following security fixes: MFSA 2008-46 / CVE-2008-4070: Heap overflow when canceling a newsgroup message MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters...
openSUSE Security Update : seamonkey (seamonkey-238)
This patch updates SeaMonkey to version 1.1.12, fixing security and other bugs : MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before...
openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-237)
This update brings mozilla-xulrunner181 to security fix version 1.8.1.17. It contains the following security fixes: MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters...
Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString — Mozilla
Mozilla security researcher mozbugra4 reported that it is possible to create a document whose URI does not match the document's principal using XMLHttpRequest. This type of mismatch leads to incorrect results in principal-based security checks. An attacker could use this vulnerability to execute...
nsXMLHttpRequest:: NotifyEventListeners() same-origin violation
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...
RHEL 4 / 5 : firefox (RHSA-2008:0978)
The remote Redhat Enterprise Linux 4 / 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0978 advisory. - Mozilla buffer overflow in http-index-format parser CVE-2008-0017 - Mozilla crash and remote code execution via proto tampering...
openSUSE 10 Security Update : seamonkey (seamonkey-5657)
This patch updates SeaMonkey to version 1.1.12, fixing security and other bugs : MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before...
openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5655)
This update brings Mozilla Thunderbird to version 2.0.0.17. It contains the following security fixes: MFSA 2008-46 / CVE-2008-4070: Heap overflow when canceling a newsgroup message MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports: MFSA 2008-37UTF-8 URL stack buffer overflow MFSA 2008-38nsXMLDocument::OnChannelRedirect same-origin violation MFSA 2008-39Privilege escalation using feed preview page and XSS flaw MFSA 2008-40Forced mouse drag MFSA 2008-41Privilege escalation via XPCnativeWrapper...
nsXMLDocument::OnChannelRedirect() same-origin violation — Mozilla
Mozilla security researcher mozbugra4 reported that the same-origin check in nsXMLDocument::OnChannelRedirect could be bypassed. This vulnerability could be used to execute JavaScript in the context of a different website...
XSS through JavaScript same-origin violation — Mozilla
Mozilla contributor mozbugra4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack against arbitrary sites,...
security flaw
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of t...
CVE-2005-2263
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of t...
CVE-2005-2263
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of t...
CVE-2005-2263
CVE-2005-2263 affects Firefox (before 1.0.5) and Mozilla (before 1.7.9). The issue arises in InstallTrigger.install: forcing a page navigation after the install method is called causes a callback to be executed in the context of the new page, resulting in a same-origin violation. This means a rem...