Clientless SSL VPNs Break Web Browser Security Models
Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms, according to a warning from the United States Computer Emergency Readiness Team (US-CERT). This security problem, discussed since at least 2006, could let an attacker use these device...
Clientless SSL VPN products break web browser domain-based security models
Overview Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks. Description Web browsers enforce the same origin policy to prevent one...
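The mechanism behind this advisory, as an added illustration that is not part of the US-CERT note or any vendor's product: the browser's same-origin check compares scheme, host and port, and a clientless SSL VPN that proxies every intranet site through one portal hostname folds all of those sites into the portal's single origin. The portal name `vpn.example`, the rewrite format `https://vpn.example/<scheme>/<host>/<path>` and the sample URLs are hypothetical stand-ins chosen for the demonstration.

```javascript
// Added example, not from the advisory: models the browser's same-origin
// check and shows how a clientless SSL VPN's URL rewriting collapses the
// origins of every proxied site into the VPN portal's single origin.
// The rewrite format below is a hypothetical simplification
// (https://vpn.example/<scheme>/<host>/<path>), not any vendor's format.

const VPN_PORTAL = "https://vpn.example"; // hypothetical portal hostname

// Origin as the browser computes it (RFC 6454): scheme, host and port,
// with the scheme's default port filled in so "https://a" equals "https://a:443".
function originOf(urlString) {
  const u = new URL(urlString);
  const defaultPort = u.protocol === "https:" ? "443" : "80";
  return `${u.protocol}//${u.hostname}:${u.port || defaultPort}`;
}

// Same-origin policy: script running in `a` may read the DOM, cookies and
// responses of `b` only when the two origins are identical.
function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Hypothetical clientless-VPN rewrite: the real target URL is encoded into
// the portal's path, so the browser only ever sees the portal's origin.
function vpnRewrite(targetUrl) {
  const t = new URL(targetUrl);
  const scheme = t.protocol.replace(":", "");
  return `${VPN_PORTAL}/${scheme}/${t.host}${t.pathname}${t.search}`;
}

// Constructed sample inputs: an attacker-controlled page and an intranet app
// that the VPN user would normally reach through the portal.
const EVIL = "http://attacker.example/page.html";
const INTRANET = "https://intranet.corp.example/payroll?id=1";

// Compares the isolation the browser gives with and without the rewrite.
function demo() {
  const direct = sameOrigin(EVIL, INTRANET);
  const throughVpn = sameOrigin(vpnRewrite(EVIL), vpnRewrite(INTRANET));
  return { direct, throughVpn };
}

const result = demo();
console.log("direct access, same origin?      ", result.direct);     // false
console.log("both proxied via VPN, same origin?", result.throughVpn); // true
```

Once both pages sit under the portal's origin, script loaded from the attacker's page (if the VPN proxies it, or if it is injected into any proxied page) can read the intranet page's DOM and the portal's session cookie, which is the authentication bypass the note describes. This is why the mitigation in such advisories is to restrict the proxy to a small set of trusted hosts rather than to fix a single product.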
Google Chrome Frame same-origin policy bypass vulnerability
Bugtraq ID: 37067 Google Chrome Frame is a browser plug-in that keeps the look of IE's menus and interface while actually rendering pages with the Google Chrome engine. Google Chrome Frame contains a security flaw that allows an attacker to bypass the same-origin policy and perform privileged operations. Affected: Google Chrome Frame 4.0.223.9. Google Chrome Frame 4.0.245.1 (Official Build 31970) fixes this vulnerability; users are advised to download it from http://www.google.com/chromeframe. Create the following HTML document and test it: iframe...
GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200911-02 Sun JDK/JRE: Multiple vulnerabilities Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A...
Mike Bailey on Adobe Flash Vulnerabilities
Dennis Fisher talks with Mike Bailey of Foreground Security about his research on Adobe Flash flaws, the same-origin policy and Web site security. Podcast audio courtesy of sykboy65 Download Subscribe to the Digital Underground podcast on Image via AJolly‘s Flickr photostream...
Adobe Flash Vulnerability a Serious Problem, Experts Say
The same-origin policy vulnerability in Adobe Flash that was disclosed last week by a researcher at Foreground Security is more serious than just a simple software flaw, experts say. It illustrates a fundamental flaw in the way that Flash objects are handled by Web servers and Web browsers, alike...
USN-853-2: Firefox and Xulrunner regression
USN-853-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced regressions that could lead to crashes when processing certain malformed GIF images, fonts and web pages. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Alin Ra...
RedHat Security Advisory RHSA-2009:1530
The remote host is missing updates announced in advisory RHSA-2009:1530. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime NSPR. A flaw was found in the way Firefox handles form history. A...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6606)
The Mozilla Firefox browser was updated to version 3.5.4 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user's form history, both from web content as well as the smart location bar, was vulnerable to theft....
SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1488)
The Mozilla Firefox browser was updated to version 3.5.4 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user's form history, both from web content as well as the smart location bar, was vulnerable to theft....
Firefox document.getSelection cross-domain information disclosure vulnerability
BUGTRAQ ID: 36858 CVE ID: CVE-2009-3375 Firefox is a popular open-source web browser. content/html/document/src/nsHTMLDocument.cpp in Firefox allows remote attackers to bypass the same-origin policy via the document.getSelection function and read highlighted (selected) text belonging to another domain. Affected: Mozilla Firefox 3.5.x, Mozilla Firefox 3.0.x. Vendor patches: Debian ------ Debian has released a security advisory (DSA-1922-1) with the corresponding patches: DSA-1922-1: New xulrunner...
Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1 vulnerabilities (USN-853-1)
Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it converted strings to floating point numbers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoki...
USN-853-1: Firefox and Xulrunner vulnerabilities
Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it converted strings to floating point numbers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoki...
CVE-2009-3375
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function...
Design/Logic Flaw
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function...
CVE-2009-3375
CVE-2009-3375 affects Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4. The issue allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via document.getSelection. The connected MiracleLinux advisory lists CVE-2009-3375 among fixed...
Mozilla Firefox < 3.0.15 / 3.5.4 Multiple Vulnerabilities
DSA-1922-1 xulrunner - several vulnerabilities