8296 matches found
Design/Logic Flaw
Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site,...
CVE-2011-2983
Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site,...
CVE-2011-2993
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges vi...
Design/Logic Flaw
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D aka D2D API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data...
CVE-2011-2981
The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript...
CVE-2011-2983
Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site,...
CVE-2011-2993
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges vi...
CVE-2011-2981
The CVE-2011-2981 issue affects Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and related products. Root cause: the event-management implementation does not correctly choose the proper script context, allowing remote attackers to bypass the Same Origin Policy or run...
CVE-2011-2986
CVE-2011-2986 affects Mozilla Firefox 4.x–5, Thunderbird before 6, and SeaMonkey 2.x before 2.3 on Windows when using Direct2D. The issue allows cross‑origin data theft by inserting image data from a different domain into a canvas, potentially bypassing the Same Origin Policy. Root cause, as stat...
CVE-2011-2981
The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript...
CVE-2011-2983
CVE-2011-2983 affects Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x. Root cause: improper handling of RegExp.input, which can bypass the Same Origin Policy and allow reading data from a different domain via a crafted page (potential use-after-free). E...
CVE-2011-2986
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D aka D2D API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data...
Firefox < 6.0 Multiple Vulnerabilities
The installed version of Firefox is earlier than 6.0 and thus, is potentially affected by the following security issues : - A dangling pointer vulnerability exists in an SVG text manipulation routine. CVE-2011-0084 - Several memory safety bugs exist in the browser engine that may permit remote co...
CentOS Update for seamonkey CESA-2011:0888 centos4 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Opera 'HTTPS-Session' Multiple Vulnerabilities (Windows)
The host is installed with Opera and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperahttpssessionsmultvulnwin.nasl 7044 2017-09-01 11:50:59Z teissa $ Opera 'HTTPS-Session' Multiple Vulnerabilities Windows Authors: Madhuri D Copyright: Copyright c 2011 Greenbone Networ...
CVE-2011-2993
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges vi...
Mozilla: Privilege escalation using event handlers
The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript...
Mozilla: Private data leakage using RegExp.input
Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site,...
Mozilla: Private data leakage using RegExp.input
Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site,...
Design/Logic Flaw
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via...