CVE-2008-4582

CVE-2008-4582 describes an information leak through local Windows shortcut files (.url) that could bypass Same Origin Policy and disclose data via an HTML document. Publicly documented details indicate affected products include Mozilla Firefox 3.0.1–3.0.3, Firefox 2.x prior to 2.0.0.18, and SeaMo...

CVE-2008-4582

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive...

Microsoft Internet Explorer HTML Element Cross Domain Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain security-bypass vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow...

Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may...

Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain security-bypass vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow...

Mozilla Firefox Internet快捷方式同源策略冲突漏洞

BUGTRAQ ID: 31611 CNCAN ID：CNCAN-2008100802 Mozilla Firefox是一款开放源代码的WEB浏览器。 Mozilla Firefox处理Internet快捷文件时存在同源策略冲突问题，远程攻击者可以利用漏洞获得其他域中的敏感信息或进行其他攻击。 通过HTML元素运行的.URL快捷方式时Firefox的location是错误的，利用这个错误可导致任意位置的内容可被读取-缓存信息，COOKIE信息，WEB, 本地文件系统等。 Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.2 Mozilla Firefox...

Debian DSA-1649-1 : iceweasel - several vulnerabilities

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overfl...

DSA-1649-1 iceweasel - several vulnerabilities

Bulletin has no description...

Mozilla Firefox 3.0.3 - Internet Shortcut Same Origin Policy Violation

Mozilla Firefox 3.0.3 - Internet Shortcut Same Origin Policy Violation source: https://www.securityfocus.com/bid/31611/info Mozilla Firefox is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the...

Mozilla Firefox 3.0.3 - Internet Shortcut Same Origin Policy Violation

source: https://www.securityfocus.com/bid/31611/info Mozilla Firefox is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy when handling internet shortcut files. An attacker m...

Mozilla Firefox Multiple Vulnerability July-08 (Linux)

The host is installed with Mozilla Firefox browser, that is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbfirefoxmultvulnjuly08lin.nasl 6539 2017-07-05 12:02:14Z cfischer $ Mozilla Firefox Multiple Vulnerability July-08 Linux Authors: Chandan S Copyright: Copyright c 2008...

openSUSE 10 Security Update : seamonkey (seamonkey-5657)

This patch updates SeaMonkey to version 1.1.12, fixing security and other bugs : MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before...

Mozilla Seamonkey Multiple Vulnerabilities (Jul 2008) - Linux

Mozilla Seamonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Thunderbird Multiple Vulnerabilities (Jul 2008) - Linux

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5655)

This update brings Mozilla Thunderbird to version 2.0.0.17. It contains the following security fixes: MFSA 2008-46 / CVE-2008-4070: Heap overflow when canceling a newsgroup message MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters...

Mozilla Firefox Multiple Vulnerability July-08 (Windows)

The host is installed with Mozilla Firefox browser, that is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbfirefoxmultvulnjuly08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Mozilla Firefox Multiple Vulnerability July-08 Windows Authors: Chandan S Copyright: Copyright c 2008...

Mozilla Firefox Multiple Vulnerabilities (Jul 2008) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Seamonkey Multiple Vulnerability July-08 (Windows)

The host is installed with Mozilla Seamonkey, that is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbseamonkeymultvulnjuly08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Mozilla Seamonkey Multiple Vulnerability July-08 Windows Authors: Chandan S Copyright: Copyright c 2008...

mozilla: nsXMLDocument:: OnChannelRedirect() same-origin violation

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors...

Mozilla Foundation Security Advisory 2008-38

Mozilla Foundation Security Advisory 2008-38 Title: nsXMLDocument::OnChannelRedirect same-origin violation Impact: High Announced: September 23, 2008 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey 1.1.12 Description Mozilla...