Lucene search

6939 matches found

Tenable Nessus
added 2015/03/24 12:0 a.m. | 48 views

Firefox ESR 31.x < 31.5.3 SVG Bypass Privilege Escalation

The version of Mozilla Firefox ESR 31.x installed on the remote Windows host is prior to 31.5.3. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit th...

CVSS 7.5 | AI score 7.1 | EPSS 0.03149
Exploits: 0 | References: 2

Cvelist
added 2015/03/24 12:0 a.m. | 35 views

CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

AI score 9.5 | EPSS 0.03149
Exploits: 0 | References: 13

CNVD
added 2015/03/24 12:0 a.m. | 1 view

Multiple Mozilla Products Arbitrary Code Execution Vulnerabilities

Mozilla Firefox, Firefox ESR and SeaMonkey are all developed by the Mozilla Foundation. Firefox is an open source web browser, Firefox ESR is an extended support version of Firefox. SeaMonkey is a free, open source, and cross-platform web suite. A security vulnerability exists in several Mozilla...

CVSS 7.5 | AI score 7.4 | EPSS 0.03149
Exploits: 0 | References: 1

Tenable Nessus
added 2015/03/24 12:0 a.m. | 27 views

Firefox < 36.0.4 SVG Bypass Privilege Escalation

The version of Mozilla Firefox installed on the remote Windows host is prior to 36.0.4. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to...

CVSS 7.5 | AI score 7.2 | EPSS 0.03149
Exploits: 0 | References: 2

Tenable Nessus
added 2015/03/24 12:0 a.m. | 36 views

Firefox < 36.0.4 SVG Bypass Privilege Escalation (Mac OS X)

The version of Mozilla Firefox installed on the remote Mac OS X host is prior to 36.0.4. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to...

CVSS 7.5 | AI score 7.3 | EPSS 0.03149
Exploits: 0 | References: 2

ThreatPost
added 2015/03/23 11:38 a.m. | 28 views

Adobe CVE-2011-2461 Remains Exploitable Via Flex Four Years After Patch

UPDATE: This article has been updated to add commentary and clarification from Adobe. A four year old Adobe Flash patch did not properly resolve a vulnerable Flex application, and attackers can exploit the bug, which is said to affect some 30 percent of Alexa’s top 10 most popular sites in the...

CVSS 4.3 | AI score 8.4 | EPSS 0.07973
Exploits: 5 | References: 4

Debian
added 2015/03/22 9:26 a.m. | 26 views

[SECURITY] [DSA 3201-1] iceweasel security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3201-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 22, 2015 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 6.8 | EPSS 0.03677
Exploits: 0

OSV
added 2015/03/22 12:0 a.m. | 32 views

DSA-3201-1 iceweasel - security update

Bulletin has no description...

CVSS 7.5 | AI score 9.5 | EPSS 0.03677
Exploits: 0

UbuntuCve
added 2015/03/22 12:0 a.m. | 32 views

CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

CVSS 7.5 | AI score 7.2 | EPSS 0.03149
Exploits: 0 | References: 3

OpenVAS
added 2015/03/22 12:0 a.m. | 20 views

Debian Security Advisory DSA 3201-1 (iceweasel - security update)

Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3201.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3201-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone Networks Gm...

CVSS 7.5 | AI score 0.7 | EPSS 0.03677
Exploits: 0 | References: 1

OSV
added 2015/03/22 12:0 a.m. | 3 views

UBUNTU-CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

CVSS 7.5 | AI score 6.9 | EPSS 0.03149
Exploits: 0 | References: 4

ArchLinux
added 2015/03/21 12:0 a.m. | 40 views

firefox: multiple issues

CVE-2015-0817 arbitrary remote code execution: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation JIT and its management of bounds checking for heap access...

CVSS 7.5 | AI score 1.9 | EPSS 0.03677
Exploits: 0 | References: 2

OpenVAS
added 2015/03/21 12:0 a.m. | 27 views

Debian: Security Advisory (DSA-3201-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 9.6 | EPSS 0.03677
Exploits: 0 | References: 3

Mozilla
added 2015/03/20 12:0 a.m. | 45 views

Privilege escalation through SVG navigation — Mozilla

Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation...

CVSS 7.5 | AI score 8.9 | EPSS 0.03149
Exploits: 0 | References: 2 | Affected Software: 3

RedHat Linux
added 2015/03/17 4:41 p.m. | 5 views

flash-plugin: cross-domain policy bypass (APSB15-05)

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

CVSS 5 | AI score 5.9 | EPSS 0.0442
Exploits: 0 | References: 5

CNVD
added 2015/03/17 12:0 a.m. | 1 view

Adobe Flash Player Security Bypass Vulnerability (CNVD-2015-01804)

Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A security vulnerability exists in Adobe Flash Player. A remote attacker could exploit this vulnerability to bypas...

CVSS 5 | AI score 6.8 | EPSS 0.0442
Exploits: 0 | References: 1

NVD
added 2015/03/13 5:59 p.m. | 18 views

CVE-2015-0337

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

CVSS 5 | AI score 6.7 | EPSS 0.0442
Exploits: 0 | References: 8

OSV
added 2015/03/13 5:59 p.m. | 2 views

UBUNTU-CVE-2015-0337

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

CVSS 5 | AI score 7.5 | EPSS 0.0442
Exploits: 0 | References: 3

UbuntuCve
added 2015/03/13 5:59 p.m. | 28 views

CVE-2015-0337

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

CVSS 5 | AI score 7.3 | EPSS 0.0442
Exploits: 0 | References: 2

Prion
added 2015/03/13 5:59 p.m. | 17 views

Design/Logic Flaw

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

CVSS 5 | AI score 7.2 | EPSS 0.0442
Exploits: 0 | References: 8 | Affected Software: 1