CVE-2007-5540

Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors...

Opera < 9.24 Multiple Vulnerabilities

The version of Opera installed on the remote host reportedly may allow for arbitrary code execution if it has been configured to use an external news reader or email client and a user views a specially crafted web page. In addition, it may also allow a script to bypass the same-origin policy and...

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3541)

This update brings Mozilla Firefox to security update version 2.0.0.4 This is a major upgrade from the Firefox 1.5.0.x line for SUSE Linux 10.0. - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content...

openSUSE 10 Security Update : seamonkey (seamonkey-3984)

This update fixes several security issues in Mozilla SeaMonkey 1.1.3. Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven't been proven to be exploitable. 25 were in...

opera -- multiple vulnerabilities

An advisory from Opera reports: If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code. When accesing frames from differen...

openSUSE 10 Security Update : seamonkey (seamonkey-3632)

This update brings Mozilla SeaMonkey to security update version 1.1.2 - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such a...

openSUSE 10 Security Update : seamonkey (seamonkey-3631)

This update brings Mozilla SeaMonkey to security update version 1.1.2 - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such a...

Scripts can overwrite functions on pages from other domains – Opera Security Advisories

Scripts can overwrite functions on pages from other domains – Opera Security Advisories OPCOM Team | October 16, 2007 Scripts can overwrite functions on pages from other domains. Severity: Highly Severe Affected Versions All versions of Opera for Desktop prior to Opera 9.24. Problem Description...

Scripts can overwrite functions on pages from other domains

When accesing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site...

Cross site scripting

Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."...

CVE-2007-4431

Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."...

CVE-2007-4431

Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."...

CVE-2007-4431

CVE-2007-4431 is a cross-domain vulnerability affecting Apple Safari for Windows 3.0.3 and earlier. The issue allows remote attackers to bypass the Same Origin Policy via a crafted body.innerHTML value, enabling potential frame hijacking from local zones to external domains. The description is su...

Apple Safari Beta同源策略冲突漏洞

Apple Safari是一款苹果公司开发的WEB浏览器。 Apple Safari Beta存在同源策略冲突问题，远程攻击者可以利用漏洞访问其他域中的敏感信息。 构建包含恶意JavaScript的WEB页，诱使用户访问，可导致访问其他域中的信息。 Apple Safari 3.0.3 Apple Safari 3.0.3 Apple Safari 3.0.2 Beta for Windows Apple Safari 3.0.2 Beta Apple Safari 3.0.1 Beta for Windows Apple Safari 3.0.1 Beta Apple Safari 3...

Debian DSA-1339-1 : iceape - several vulnerabilities

Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing...

Debian DSA-1337-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection...

Debian DSA-1338-1 : iceweasel - several vulnerabilities

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing race...

[SECURITY] [DSA 1339-1] New iceape packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1339-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 23rd, 2007 http://www.debian.org/security/faq -...

DSA-1339-1 iceape - several

Bulletin has no description...

USN-490-1: Firefox vulnerabilities

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2007-3734, CVE-2007-3735 Flaws were discovered in the JavaScript methods addEventListener and setTimeo...