5861 matches found
CVE-2007-5540
The provided documents confirm CVE-2007-5540 affects Opera (pre-9.24) and enables bypassing the same-origin policy when displaying frames from different sites. The root cause is described as an unspecified flaw in how Opera handles cross-domain frames, allowing remote attackers to overwrite funct...
Opera < 9.24 Multiple Vulnerabilities
The version of Opera installed on the remote host reportedly may allow for arbitrary code execution if it has been configured to use an external news reader or email client and a user views a specially crafted web page. In addition, it may also allow a script to bypass the same-origin policy and...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3541)
This update brings Mozilla Firefox to security update version 2.0.0.4 This is a major upgrade from the Firefox 1.5.0.x line for SUSE Linux 10.0. - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content...
openSUSE 10 Security Update : seamonkey (seamonkey-3631)
This update brings Mozilla SeaMonkey to security update version 1.1.2 - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such a...
openSUSE 10 Security Update : seamonkey (seamonkey-3632)
This update brings Mozilla SeaMonkey to security update version 1.1.2 - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such a...
opera -- multiple vulnerabilities
An advisory from Opera reports: If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code. When accesing frames from differen...
Scripts can overwrite functions on pages from other domains
When accesing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site...
Scripts can overwrite functions on pages from other domains – Opera Security Advisories
Scripts can overwrite functions on pages from other domains – Opera Security Advisories OPCOM Team | October 16, 2007 Scripts can overwrite functions on pages from other domains. Severity: Highly Severe Affected Versions All versions of Opera for Desktop prior to Opera 9.24. Problem Description...
Cross site scripting
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."...
CVE-2007-4431
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."...
CVE-2007-4431
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."...
CVE-2007-4431
CVE-2007-4431 is a cross-domain vulnerability affecting Apple Safari for Windows 3.0.3 and earlier. The issue allows remote attackers to bypass the Same Origin Policy via a crafted body.innerHTML value, enabling potential frame hijacking from local zones to external domains. The description is su...
Apple Safari Beta同源策略冲突漏洞
Apple Safari是一款苹果公司开发的WEB浏览器。 Apple Safari Beta存在同源策略冲突问题,远程攻击者可以利用漏洞访问其他域中的敏感信息。 构建包含恶意JavaScript的WEB页,诱使用户访问,可导致访问其他域中的信息。 Apple Safari 3.0.3 Apple Safari 3.0.3 Apple Safari 3.0.2 Beta for Windows Apple Safari 3.0.2 Beta Apple Safari 3.0.1 Beta for Windows Apple Safari 3.0.1 Beta Apple Safari 3...
XSS using addEventListener and setTimeout — Mozilla
Mozilla contributor mozbugra4 demonstrated that the methods addEventListener and setTimeout could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site...
CVE-2007-3514
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, ...
Cross site scripting
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, ...
CVE-2007-3514
CVE-2007-3514 describes a cross-domain vulnerability in Apple Safari for Windows 3.0.2 where JavaScript that overwrites the document variable and statically assigns the document.domain to a file:// location bypasses the Same Origin Policy and allows access to restricted information from other dom...
CVE-2007-3514
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, ...
Cross site scripting
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute...
CVE-2007-3481
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue...