Firefox cross-origin data theft through document.getSelection()

content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function...

Firefox cross-origin data theft through document.getSelection()

content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function...

Cross-origin data theft through document.getSelection() — Mozilla

Security researcher Gregory Fleischer reported that text within a selection on a web page can be read by JavaScript in a different domain using the document.getSelection function, violating the same-origin policy. Since this vulnerability requires user interaction to exploit, its severity was...

openSUSE Security Update : seamonkey (seamonkey-1364)

seamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run...

SuSE9 Security Update : epiphany (YOU Patch Number 12519)

This update brings the Mozilla SeaMonkey Suite packages to the current stable release 1.1.17. Due to the major version update some incompatibilities might appear. It fixes all currently published security issues, including but not limited to : - Same-origin violations when Adobe Flash loaded via...

SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 656)

The Mozilla Firefox browser is updated to version 3.0.7 fixing various security and stability issues. - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption...

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 6187)

The Mozilla Firefox Browser was refreshed to the current MOZILLA18 branch state around fix level 2.0.0.22. Security issues identified as being fixed are: MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in...

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5826)

This update brings the Mozilla Firefox browser to version 2.0.0.18. It fixes following security issues : - The http-index-format MIME type parser nsDirIndexParser in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure,...

SuSE 10 Security Update : Epiphany (ZYPP Patch Number 5889)

The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : - Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute...

SuSE9 Security Update : Epiphany (YOU Patch Number 12326)

The Mozilla Browser received backports for security problems in 1.8.1.14. The following security issues were fixed : - Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary...

Google Chrome 'getSVGDocument' Cross-Site Scripting Vulnerability

Google Chrome is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Chrome 'getSVGDocument' Cross-Site Scripting Vulnerability

This host is installed with Google Chrome and is prone to Cross-Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: secpodgooglechromegetsvgdocumentxssvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Google Chrome 'getSVGDocument' Cross-Site Scripting Vulnerability Authors: Sharath S...

Cross site scripting

The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG...

CVE-2009-3264

The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG...

CVE-2009-3264

Removed by vendor...

CVE-2009-3264

The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG...

CVE-2009-3264

Google Chrome before 3.0.195.21 is affected by CVE-2009-3264: getSVGDocument omits an access check, allowing remote servers to bypass Same Origin Policy and trigger cross-site scripting via unspecified vectors related to visiting an SVG-hosting page. The vulnerability is documented in multiple fe...

Google Chrome < 3.0.195.21 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 3.0.195.21. Such versions are reportedly affected by multiple issues : - Google Chrome's inbuilt RSS/ATOM reader renders untrusted JavaScript in an RSS/ATOM feed. Provided a victim connects to a RSS/ATOM feed link controlle...

ScribeFire Firefox Extension - Privileged Code Injection

, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. ScribeFire Firefox Extension Code Injection Vulnerability Versions affected: 3.4.2 +-----------+ |Description| +-----------+ The ScribeFire Firefox extension provides an interface f...

Update Scanner - Firefox Extension - Chrome Privileged Code Injection

, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Update Scanner Chrome Privileged Code Injection +-----------+ |Description| +-----------+ Security-Assessment.com discovered that Update Scanner is vulnerable to Cross Site Scriptin...