Mozilla cross-site information disclosure via modal calls

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which...

CentOS Update for firefox CESA-2010:0782 centos4 i386

Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2010:0782 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Debian DSA-2124-1 : xulrunner - several vulnerabilities

Several vulnerabilities have been discovered in Xulrunner, the component that provides the core functionality of Iceweasel, Debian's variant of Mozilla's browser technology. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-3765 Xulrunner allows remot...

Mozilla Firefox Modal调用跨域信息泄露漏洞

BUGTRAQ ID: 44252 CVECAN ID: CVE-2010-3178 Firefox是一款非常流行的开源WEB浏览器。 如果网页打开了新的窗口并使用javascript: URL执行modal调用，如alert，且之后将网页导航到了不同的域，则modal调用返回到窗口的打开程序就可以访问所导航到窗口中的对象。这违反了同源策略，允许用户窃取其他网站的敏感信息。 Mozilla Firefox 3.6.x Mozilla Firefox 3.5.x Mozilla Thunderbird 3.1.x Mozilla Thunderbird 3.0.x Mozilla...

Mandriva Linux Security Advisory : firefox (MDVSA-2010:210)

Security issues were identified and fixed in firefox : Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow...

Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:211)

Security issues were identified and fixed in mozilla-thunderbird : The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral...

Mozilla Foundation Security Advisory 2010-69

Mozilla Foundation Security Advisory 2010-69 Title: Cross-site information disclosure via modal calls Impact: High Announced: October 19, 2010 Reporter: Eduardo Vela Nava Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.11 Firefox 3.5.14 Thunderbird 3.1.5 Thunderbird 3.0.9 SeaMonke...

RedHat Update for firefox RHSA-2010:0782-01

Check for the Version of firefox OpenVAS Vulnerability Test RedHat Update for firefox RHSA-2010:0782-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Ubuntu: Security Advisory (USN-998-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2010-3178

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which...

Design/Logic Flaw

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which...

CVE-2010-3178

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which...

CVE-2010-3178

CVE-2010-3178 affects Mozilla Firefox (before 3.5.14 and 3.6.x before 3.6.11), Thunderbird (before 3.0.9 and 3.1.x before 3.1.5), and SeaMonkey (before 2.0.9). The issue arises from improper handling of certain modal calls made by javascript: URLs when opening a new window and performing cross-do...

Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-998-1)

Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the...

USN-998-1: Thunderbird vulnerabilities

Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the...

USN-997-1: Firefox and Xulrunner vulnerabilities

Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the...

Oracle JRE - java.net.URLConnection class Same-of-Origin 'SOP' Policy Bypass

Description Security-Assessment.com discovered that a Java Applet making use of java.net.URLConnection class can be used to bypass same-of-origin SOP policy and domain based security controls in modern browsers when communication occurs between two domains that resolve to the same IP address. Thi...

Mozilla cross-site information disclosure via modal calls

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which...

CVE-2010-3178

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which...

Cross-site information disclosure via modal calls — Mozilla

Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert, then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in th...