Lucene search

6987 matches found

Mozilla
added 2013/12/10 12:0 a.m., 46 views

Character encoding cross-origin XSS attack — Mozilla

Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encodings across navigations into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue...

CVSS 4.3 | AI score 2.3 | EPSS 0.03402
Exploits 1 | References 2 | Affected Software 2
myhack58
added 2013/11/22 12:0 a.m., 53 views

Use the csrf vulnerability to upload files-the vulnerability warning-the black bar safety net

Everyone knows that the commonly used csrf to upload a file is not very simple. The problem is that we create a fake form submission data with browser file upload to submit the data a little different. That is the upload request will have a filename parameter: -----------------------------2 5 6 6...

AI score 7.2
Exploits 0
Mageia
added 2013/11/20 8:16 p.m., 82 views

Updated iceape packages fix many vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service memory...

CVSS 10 | AI score 10 | EPSS 0.69021
Exploits 26 | References 45
NVD
added 2013/11/13 12:55 a.m., 18 views

CVE-2013-3908

Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that is not properly handled during a print-preview action, aka "Internet Explorer Information Disclosu...

CVSS 4.3 | AI score 5.9 | EPSS 0.363
Exploits 0 | References 3
Prion
added 2013/11/13 12:55 a.m., 16 views

Information disclosure

Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that is not properly handled during a print-preview action, aka "Internet Explorer Information Disclosu...

CVSS 4.3 | AI score 6.3 | EPSS 0.363
Exploits 0 | References 3 | Affected Software 1
CVE
added 2013/11/13 12:0 a.m., 141 views

CVE-2013-3908

Technical details about CVE-2013-3908 are not publicly disclosed in the provided documents. Monitor for updates from connected sources for affected products, root cause, impact, and available fixes.

CVSS 4.3 | AI score 5.9 | EPSS 0.363
Exploits 0 | References 3 | Affected Software 1
Packet Storm
added 2013/10/24 12:0 a.m., 64 views

easyXDM 2.4.16 Cross Site Scripting

Affected products ================= easyXDM library = 2.4.16 - http://easyxdm.net/wp/ easyXDM is a Javascript library that enables you as a developer to easily work around the limitation set in place by the Same Origin Policy, in turn making it easy to communicate and expose javascript API’s acro...

CVSS 3.7 | AI score 0.2 | EPSS 0.00913
Exploits 1
0day.today
added 2013/10/02 12:0 a.m., 45 views

Firefox For Android Same-Origin Bypass

Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file. CVE Number: CVE-2013-1727 Vendor...

CVSS 4 | AI score 0.1 | EPSS 0.05189
Exploits 2
Tenable Nessus
added 2013/10/02 12:0 a.m., 26 views

FreeBSD : mozilla -- multiple vulnerabilities (7dfed67b-20aa-11e3-b8d8-0025905a4771)

The Mozilla Project reports : MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-8...

CVSS 10 | AI score 7.8 | EPSS 0.08894
Exploits 4 | References 38
securityvulns
added 2013/10/01 12:0 a.m., 80 views

Firefox for Android - Same-origin bypass through symbolic links

CVE Number: CVE-2013-1727 Vendor Identifier: MFSA 2013-84 Title: Firefox for Android - Same-origin bypass through symbolic links Affected Software: Prior to v24 confirmed on v14 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v24 was released which fixes this...

CVSS 4 | AI score 6 | EPSS 0.05189
Exploits 2
Packet Storm
added 2013/09/30 12:0 a.m., 45 views

Firefox For Android Same-Origin Bypass

CVE Number: CVE-2013-1727 Vendor Identifier: MFSA 2013-84 Title: Firefox for Android - Same-origin bypass through symbolic links Affected Software: Prior to v24 confirmed on v14 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v24 was released which fixes this...

CVSS 4 | AI score 0.3 | EPSS 0.05189
Exploits 2
NVD
added 2013/09/19 10:28 a.m., 18 views

CVE-2013-5159

WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element...

CVSS 4.3 | AI score 5.5 | EPSS 0.01802
Exploits 0 | References 4
Prion
added 2013/09/19 10:28 a.m., 19 views

Design/Logic Flaw

WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element...

CVSS 4.3 | AI score 6 | EPSS 0.01802
Exploits 0 | References 4 | Affected Software 1
CVE
added 2013/09/19 10:0 a.m., 49 views

CVE-2013-5159

The CVE-2013-5159 entry concerns WebKit in Apple iOS prior to 7, where a vulnerability allowed a remote attacker to bypass the Same Origin Policy via an iframe and infer use of the window.webkitRequestAnimationFrame API, potentially exposing information about page behavior. Affected component: We...

CVSS 4.3 | AI score 5.6 | EPSS 0.01802
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2013/09/19 10:0 a.m., 24 views

CVE-2013-5159

WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element...

AI score 5.5 | EPSS 0.01802
Exploits 0 | References 4
NVD
added 2013/09/18 10:8 a.m., 14 views

CVE-2013-1727

Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file...

CVSS 4 | AI score 5.8 | EPSS 0.05189
Exploits 2 | References 5
Prion
added 2013/09/18 10:8 a.m., 18 views

Cross site scripting

Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file...

CVSS 4 | AI score 6 | EPSS 0.05189
Exploits 2 | References 5 | Affected Software 1
Cvelist
added 2013/09/18 10:0 a.m., 36 views

CVE-2013-1727

Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file...

AI score 5.7 | EPSS 0.05189
Exploits 2 | References 5
CVE
added 2013/09/18 10:0 a.m., 54 views

CVE-2013-1727

CVE-2013-1727 affects Mozilla Firefox on Android prior to 24.0, where a symlink/URL trick can bypass the Same-Origin Policy for local files (file: URLs). This enables potential cross‑site scripting (XSS) and access to sensitive data such as cookies or passwords if a local file is involved. The is...

CVSS 4 | AI score 5.6 | EPSS 0.05189
Exploits 2 | References 5 | Affected Software 1
exploitpack
added 2013/09/17 12:0 a.m., 14 views

Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass

Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass source: https://www.securityfocus.com/bid/62480/info Mozilla Firefox is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute...

AI score 7.3
Exploits 0