8369 matches found
SUSE-SU-2015:0704-2 Security update for MozillaFirefox
Mozilla Firefox was updated to 31.6.0 ESR to fix five security issues. The following vulnerabilities were fixed: Miscellaneous memory safety hazards MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA 2015-31/CVE-2015-0813 resource:// documents...
SUSE-SU-2015:0704-1 Security update for MozillaFirefox
Mozilla Firefox was updated to 31.6.0 ESR to fix five security issues. The following vulnerabilities were fixed: Miscellaneous memory safety hazards MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA 2015-31/CVE-2015-0813 resource:// documents...
SUSE-SU-2015:0706-1 Security update for Mozilla Firefox
Mozilla Firefox was updated to 31.6.0 ESR to fix five security issues. The following vulnerabilities have been fixed: Miscellaneous memory safety hazards MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA 2015-31/CVE-2015-0813 resource://...
Mozilla Firefox/Thunderbird Same Origin Policy Bypass Arbitrary Code Execution Vulnerability
Mozilla Firefox/SeaMonkey is a WEB browser/newsgroup client released by Mozilla. The Mozilla Firefox/SeaMonkey incorrectly restricts resource: URL vulnerability, which allows remote attackers to bypass the same-origin policy and execute arbitrary JavaScript code with chrome privileges via a...
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2550-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2550-1 advisory. Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially craft...
USN-2550-1: Firefox vulnerabilities
Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. CVE-2015-0801 Bobby Holley discovered that...
USN-2550-1 firefox vulnerabilities
Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. CVE-2015-0801 Bobby Holley discovered that...
Mozilla: Same-origin bypass through anchor navigation (MFSA 2015-40)
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...
CVE-2015-0816
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...
CVE-2015-0801
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...
Design/Logic Flaw
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...
Design/Logic Flaw
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...
Mozilla Adds Opportunistic Encryption for HTTP in Firefox 37
Mozilla has released Firefox 37, and along with the promised addition of the OneCRL certificate revocation list, the company has included a feature that enables opportunistic encryption on connections for servers that don’t support HTTPS. The new feature gives users a new defense against some for...
CVE-2015-0801
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...
CVE-2015-0801
CVE-2015-0801 describes a cross-domain bypass of Same Origin Policy in Mozilla Firefox (and derivatives) via anchor navigation to execute JavaScript with chrome privileges. The issue affects Firefox/Firefox ESR and Thunderbird (per initial entry and IBM/Debian advisories referencing these CVEs). ...
CVE-2015-0816
CVE-2015-0816 describes a privilege-escalation bypass in Mozilla Firefox and Thunderbird where resource: URLs could bypass Same Origin Policy to run arbitrary code with chrome privileges when combined with a separate SOP violation. Affected: Firefox up to 37.0 (ESR up to 31.x before 31.6) and Thu...
CVE-2015-0816
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...
Mozilla: Same-origin bypass through anchor navigation (MFSA 2015-40)
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...
CVE-2015-0801
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...
firefox: multiple issues
CVE-2015-0801 same-origin bypass Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...