6939 matches found
Firefox ESR 31.x < 31.5.3 SVG Bypass Privilege Escalation
The version of Mozilla Firefox ESR 31.x installed on the remote Windows host is prior to 31.5.3. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit th...
CVE-2015-0818
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...
Multiple Mozilla Products Arbitrary Code Execution Vulnerabilities
Mozilla Firefox, Firefox ESR and SeaMonkey are all developed by the Mozilla Foundation.Firefox is an open source web browser, Firefox ESR is an extended support version of Firefox.SeaMonkey is a free, open source, and cross-platform web suite. A security vulnerability exists in several Mozilla...
Firefox < 36.0.4 SVG Bypass Privilege Escalation
The version of Mozilla Firefox installed on the remote Windows host is prior to 36.0.4. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to...
Firefox < 36.0.4 SVG Bypass Privilege Escalation (Mac OS X)
The version of Mozilla Firefox installed on the remote Mac OS X host is prior to 36.0.4. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to...
Adobe CVE-2011-2461 Remains Exploitable Via Flex Four Years After Patch
UPDATE: This article has been updated to add commentary and clarification from Adobe. A four year old Adobe Flash patch did not properly resolve a vulnerable Flex application, and attackers can exploit the bug, which is said to affect some 30 percent of Alexa’s top 10 most popular sites in the...
[SECURITY] [DSA 3201-1] iceweasel security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3201-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 22, 2015 http://www.debian.org/security/faq -...
DSA-3201-1 iceweasel - security update
Bulletin has no description...
CVE-2015-0818
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...
Debian Security Advisory DSA 3201-1 (iceweasel - security update)
Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3201.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3201-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone Networks Gm...
UBUNTU-CVE-2015-0818
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...
firefox: multiple issues
CVE-2015-0817 arbitrary remote code execution: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation JIT and its management of bounds checking for heap access...
Debian: Security Advisory (DSA-3201-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Privilege escalation through SVG navigation — Mozilla
Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation...
flash-plugin: cross-domain policy bypass (APSB15-05)
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
Adobe Flash Player Security Bypass Vulnerability (CNVD-2015-01804)
Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A security vulnerability exists in Adobe Flash Player. A remote attacker could exploit this vulnerability to bypas...
CVE-2015-0337
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
UBUNTU-CVE-2015-0337
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2015-0337
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
Design/Logic Flaw
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...