8365 matches found
CVE-2013-6657
CVE-2013-6657 affects Blink’s XSS auditor in Google Chrome prior to 33.0.1750.117. The description from multiple sources states that the XSS auditor’s handling of FORM elements within HTTP requests could insert the about:blank URL, enabling a bypass of the Same Origin Policy and allowing a leakag...
CVE-2013-6657
Removed by vendor...
CVE-2014-0266
The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to...
Information disclosure
The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to...
CVE-2014-0266
CVE-2014-0266 (MS14-005) affects Microsoft XML Core Services (MSXML) 3.0 used by Internet Explorer. The root cause is an information-disclosure vulnerability in the MSXML ActiveX controls that can be triggered when a user visits a specially crafted web page, allowing remote attackers to bypass th...
CentOS Update for firefox CESA-2014:0132 centos6
Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2014:0132 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
CentOS Update for firefox CESA-2014:0132 centos5
Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2014:0132 centos5 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
CentOS Update for thunderbird CESA-2014:0133 centos5
Check for the Version of thunderbird OpenVAS Vulnerability Test CentOS Update for thunderbird CESA-2014:0133 centos5 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
Updated Firefox & Thunderbird packages fix multiple security vulnerabilities
Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...
CVE-2014-1487
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...
CVE-2014-1483
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint...
Authentication flaw
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...
CVE-2014-1487
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...
Design/Logic Flaw
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint...
CVE-2014-1483
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint...
CVE-2014-1487
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...
CVE-2014-1487
CVE-2014-1487 affects Mozilla Firefox (Web workers) and related Mozilla suite components. The issue allows remote attackers to bypass Same Origin Policy and obtain sensitive authentication data via error-message handling in Web workers, affecting Firefox versions before 27.0 (and ESR 24.x before ...
CVE-2014-1483
Technical details for CVE-2014-1483 are not publicly provided in the connected documents; sources reference the CVE but do not disclose affected products, versions, root cause, impact, or fixes. Monitor for updates.
CVE-2011-3377
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...
Design/Logic Flaw
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...