USN-728-2: Firefox vulnerabilities

Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2009-0772, CVE-2009-0774...

Mozilla Foundation Security Advisory 2009-09

Mozilla Foundation Security Advisory 2009-09 Title: XML data theft via RDFXMLDataSource and cross-domain redirect Impact: High Announced: March 4, 2009 Reporter: Georgi Guninski Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.7 Thunderbird 2.0.0.21 SeaMonkey 1.1.15 Description...

USN-728-1: Firefox and Xulrunner vulnerabilities

Glenn Randers-Pehrson discovered that the embedded libpng in Firefox did not properly initialize pointers. If a user were tricked into viewing a malicious website with a crafted PNG file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of t...

Critical Firefox flaws flagged, fixed

The open-source Mozilla group has released Firefox 3.0.7 with fixes for at least eight security flaws, some rated critical. The most serious of the vulnerabilities could be exploited by attackers to run code and install software, requiring no user interaction beyond normal browsing, Mozilla warne...

CVE-2009-0776

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect...

CVE-2009-0776

CVE-2009-0776 affects Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15. Root cause: nsIRDFService allows a cross-domain redirect to bypass the same-origin policy, enabling reading XML data from a different domain. Impact per sources: remote read access to cro...

Firefox XML data theft via RDFXMLDataSource and cross-domain redirect

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect...

Firefox XML data theft via RDFXMLDataSource and cross-domain redirect

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect...

XML data theft via RDFXMLDataSource and cross-domain redirect — Mozilla

Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users...

CVE-2009-0776

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect...

USN-717-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2009-0352, CVE-2009-0353 A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy i...

Google Chrome Multiple Vulnerabilities (Feb 2009)

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2009-0354

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting XSS attacks, via vectors involving a chrome XBL method and the window.eval...

Design/Logic Flaw

Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the 1 about:plugins and 2 about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a...

CVE-2009-0354

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting XSS attacks, via vectors involving a chrome XBL method and the window.eval...

Cross site scripting

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting XSS attacks, via vectors involving a chrome XBL method and the window.eval...

CVE-2009-0356

CVE-2009-0356 affects Mozilla Firefox before 3.0.6 and SeaMonkey, where links to about:plugins and about:config URIs in .desktop files are not blocked. This can bypass Same Origin Policy and allow a user-assisted remote attacker to execute arbitrary code with chrome privileges via a Desktop Entry...

CVE-2009-0354

CVE-2009-0354 : Mozilla Firefox 3.x prior to 3.0.6 contains a cross-domain vulnerability where a chrome XBL method used with window.eval can bypass the Same Origin Policy, enabling access to another window’s properties and potential XSS. Affected: Firefox 3.x up to 3.0.5. Impact: SOP bypass and c...

CVE-2009-0354

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting XSS attacks, via vectors involving a chrome XBL method and the window.eval...

Firefox XSS using a chrome XBL method and window.eval

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting XSS attacks, via vectors involving a chrome XBL method and the window.eval...