CVE-2008-5506

CVE-2008-5506 affects Mozilla components (e.g., Firefox/Thunderbird/SeaMonkey) where an XMLHttpRequest to an attacker-controlled resource that performs a 302 redirect to a different domain can bypass same-origin policy, allowing reading of the redirected response. This can enable a remote attacke...

Firefox XSS via XBL bindings to unloaded document

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...

Firefox XMLHttpRequest 302 response disclosure

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...

Firefox Cross-domain data theft via script redirect error message

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...

Firefox XSS vulnerabilities in SessionStore

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting XSS attacks via unknown...

Firefox Cross-domain data theft via script redirect error message

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...

Firefox XSS via XBL bindings to unloaded document

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...

Firefox XMLHttpRequest 302 response disclosure

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...

SeaMonkey < 1.1.14 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 1.1.14. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. MFSA 2008-60 - XBL bindings can be used to rea...

CVE-2008-5506

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...

CVE-2008-5513

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting XSS attacks via unknown...

PT-2008-6579 · Mozilla +1 · Firefox +1

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 2.x through 2.0.0.18 Mozilla Firefox versions 3.x through 3.0.4 Description: The issue allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct...

CVE-2008-5511

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...

SeaMonkey < 1.1.14 Multiple Vulnerabilities

Binary data 4794.prm...

Mozilla Firefox 3.x < 3.0.5 Multiple Vulnerabilities

Binary data 4793.prm...

CVE-2008-5507

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...

Information stealing via loadBindingDocument — Mozilla

Mozilla developer Boris Zbarsky reported that XBL bindings could be used to read data from other domains, a violation of the same-origin policy. The severity of this issue was determined to be moderate due to several mitigating factors:...

XSS vulnerabilities in SessionStore — Mozilla

Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser's same-origin...

XSS and JavaScript privilege escalation — Mozilla

Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website...

Debian: Security Advisory (DSA-1671-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...