CVE-2009-1309

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

Mozilla (Multiple Products) - Server Refresh Header Cross-Site Scripting

Mozilla Multiple Products - Server Refresh Header Cross-Site Scripting source: https://www.securityfocus.com/bid/34656/info The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey. Attackers can exploit these issue...

view-source: protocol

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...

Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

Same-origin violations when Adobe Flash loaded via view-source: scheme — Mozilla

Security researcher Gregory Fleischer reported that when an Adobe Flash file is loaded via the view-source: scheme, the Flash plugin misinterprets the origin of the content as localhost, leading to two specific vulnerabilities:...

Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString — Mozilla

Mozilla security researcher mozbugra4 reported that it is possible to create a document whose URI does not match the document's principal using XMLHttpRequest. This type of mismatch leads to incorrect results in principal-based security checks. An attacker could use this vulnerability to execute...

XSS hazard using third-party stylesheets and XBL bindings — Mozilla

Web developer Cefn Hoile reported that sites which allow users to embed third-party stylesheets are vulnerable to script injection attacks using XBL bindings. While this behavior was documented previously, it was determined that this particular risk was not well-understood by some websites. To...

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6194)

The Mozilla Firefox Browser was refreshed to the current MOZILLA18 branch state around fix level 2.0.0.22. Security issues identified as being fixed are: MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in...

SuSE Security Advisory SUSE-SA:2009:023 (MozillaFirefox)

The remote host is missing updates announced in advisory SUSE-SA:2009:023. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

Ubuntu USN-741-1 (thunderbird)

The remote host is missing an update to thunderbird announced via advisory USN-741-1. Several flaws were discovered in the browser engine. If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird and possibly execute arbitrary code with user privileges. CVE-2009-0352...

Ubuntu: Security Advisory (USN-741-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Gears WorkerPool API绕过同源策略漏洞

BUGTRAQ ID: 32698 CVECAN ID: CVE-2008-6512 Google Gears是一个开源浏览器扩展，允许开发者开发离线网络程序。 Google Gears的WorkerPool API中存在跨域安全漏洞。如果攻击者在目标域上放置了包含有Google Gear命令的文件类型，然后从攻击域访问该文件，由于没有检查攻击域的响应头，因此可能绕过allowCrossOrigin函数的访问限制在目标域中运行worker代码。 Google Gears 0.5.4.2 厂商补丁： Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下...

CVE-2008-6512

Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain,...

Cross site scripting

Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain,...

CVE-2008-6512

The CVE concerns Google Gears' WorkerPool API, where

Firefox XML data theft via RDFXMLDataSource and cross-domain redirect

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect...

Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-645-1

Ubuntu Update for Linux kernel vulnerabilities USN-645-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6451.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-645-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone...

Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-647-1

Ubuntu Update for Linux kernel vulnerabilities USN-647-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6471.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-647-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networ...

Ubuntu Update for firefox vulnerabilities USN-690-3

Ubuntu Update for Linux kernel vulnerabilities USN-690-3 OpenVAS Vulnerability Test $Id: gbubuntuUSN6903.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox vulnerabilities USN-690-3 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

Ubuntu Update for firefox vulnerabilities USN-490-1

Ubuntu Update for Linux kernel vulnerabilities USN-490-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4901.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox vulnerabilities USN-490-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...