Mozilla Products 'SJOW' Multiple Vulnerabilities (Windows)

The host is installed with Mozilla Firefox/Seamonkey/Thunderbird that are prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtssjowmultvulnwin.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products 'SJOW' Multiple Vulnerabilities Windows Authors: Madhuri D Copyright:...

Mozilla Foundation Security Advisory 2010-60

Mozilla Foundation Security Advisory 2010-60 Title: XSS using SJOW scripted function Impact: High Announced: September 7, 2010 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.5.12 Thunderbird 3.0.7 SeaMonkey 2.0.7 Description Mozilla security researcher mozbugra4...

Ubuntu Update for thunderbird vulnerabilities USN-978-1

Ubuntu Update for Linux kernel vulnerabilities USN-978-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9781.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for thunderbird vulnerabilities USN-978-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Mozilla Products 'SJOW' Multiple Vulnerabilities (MFSA2010-60) - Windows

Mozilla Firefox/Seamonkey/Thunderbird are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2010-2763

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct...

Cross site scripting

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct...

CVE-2010-2763

CVE-2010-2763 concerns the XPCSafeJSObjectWrapper (SJOW) in Mozilla’s Firefox/XULRunner implementation. The connected documents confirm a logical error in the SJOW scripted function handling on the Mozilla 1.9.1 development branch, allowing a caller to execute a function in the context of another...

CVE-2010-2763

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct...

Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-975-1)

Several dangling pointer vulnerabilities were discovered in Firefox. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. CVE-2010-2760, CVE-2010-2767, CVE-2010-3167 Blake Kaplan and Michal Zalewski discovered several weaknesses in t...

Debian DSA-2106-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-2760, CVE-2010-3167, CVE-2010-3168 Implementation errors in XUL processing allow the...

USN-978-1: Thunderbird vulnerabilities

Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. CVE-2010-2760, CVE-2010-2767, CVE-2010-3167 It was discovered that the XPCSafeJSObjectWrapper SJOW security...

[SECURITY] [DSA 2106-1] New xulrunner packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-2106-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 08, 2010 http://www.debian.org/security/faq -...

CVE-2010-3259

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially...

Design/Logic Flaw

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially...

CVE-2010-3259

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially...

CVE-2010-3259

CVE-2010-3259 affects WebKit and WebKitGTK+ components across Safari and Chrome. Root cause: read access to images derived from CANVAS elements was not properly restricted, allowing a remote site to bypass the Same Origin Policy and obtain potentially sensitive image data. Affected versions inclu...

CVE-2010-3259

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially...

CVE-2010-3259

Removed by vendor...

XSS using SJOW scripted function — Mozilla

Mozilla security researcher mozbugra4 reported that the wrapper class XPCSafeJSObjectWrapper SJOW on the Mozilla 1.9.1 development branch has a logical error in its scripted function implementation that allows the caller to run the function within the context of another site. This is a violation ...

CVE-2010-2763

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct...