7007 matches found
Mozilla Firefox 3.6.8 - Math.random() Cross Domain Information Disclosure
Mozilla Firefox 3.6.8 - Math.random Cross Domain Information Disclosure // source: https://www.securityfocus.com/bid/43222/info Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a pag...
Mozilla Products 'SJOW' Multiple Vulnerabilities (Windows)
The host is installed with Mozilla Firefox/Seamonkey/Thunderbird that are prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtssjowmultvulnwin.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products 'SJOW' Multiple Vulnerabilities Windows Authors: Madhuri D Copyright:...
Mozilla Products 'SJOW' Multiple Vulnerabilities (MFSA2010-60) - Windows
Mozilla Firefox/Seamonkey/Thunderbird are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu Update for thunderbird vulnerabilities USN-978-1
Ubuntu Update for Linux kernel vulnerabilities USN-978-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9781.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for thunderbird vulnerabilities USN-978-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Mozilla Foundation Security Advisory 2010-60
Mozilla Foundation Security Advisory 2010-60 Title: XSS using SJOW scripted function Impact: High Announced: September 7, 2010 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.5.12 Thunderbird 3.0.7 SeaMonkey 2.0.7 Description Mozilla security researcher mozbugra4...
CVE-2010-2763
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct...
Cross site scripting
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct...
CVE-2010-2763
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct...
CVE-2010-2763
CVE-2010-2763 concerns the XPCSafeJSObjectWrapper (SJOW) in Mozilla’s Firefox/XULRunner implementation. The connected documents confirm a logical error in the SJOW scripted function handling on the Mozilla 1.9.1 development branch, allowing a caller to execute a function in the context of another...
Debian DSA-2106-1 : xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-2760, CVE-2010-3167, CVE-2010-3168 Implementation errors in XUL processing allow the...
Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-975-1)
Several dangling pointer vulnerabilities were discovered in Firefox. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. CVE-2010-2760, CVE-2010-2767, CVE-2010-3167 Blake Kaplan and Michal Zalewski discovered several weaknesses in t...
USN-978-1: Thunderbird vulnerabilities
Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. CVE-2010-2760, CVE-2010-2767, CVE-2010-3167 It was discovered that the XPCSafeJSObjectWrapper SJOW security...
[SECURITY] [DSA 2106-1] New xulrunner packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-2106-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 08, 2010 http://www.debian.org/security/faq -...
CVE-2010-3259
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially...
CVE-2010-3259
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially...
Design/Logic Flaw
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially...
CVE-2010-3259
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially...
CVE-2010-3259
CVE-2010-3259 affects WebKit and WebKitGTK+ components across Safari and Chrome. Root cause: read access to images derived from CANVAS elements was not properly restricted, allowing a remote site to bypass the Same Origin Policy and obtain potentially sensitive image data. Affected versions inclu...
CVE-2010-3259
Removed by vendor...
CVE-2010-2763
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct...