8276 matches found
WebKit - JavaScript onload() Event Cross Domain Scripting
WebKit - JavaScript onload Event Cross Domain Scripting source: https://www.securityfocus.com/bid/35315/info WebKit is prone to a cross-domain scripting vulnerability because it fails to properly restrict the access of JavaScript code when loading new webpages. A remote attacker can exploit this...
WebKit - JavaScript 'onload()' Event Cross Domain Scripting
source: https://www.securityfocus.com/bid/35315/info WebKit is prone to a cross-domain scripting vulnerability because it fails to properly restrict the access of JavaScript code when loading new webpages. A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtai...
Google Chrome Multilpe XSS Vulnerabilities (May 09)
The host is installed with Google Chrome and is prone to multiple XSS vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultxssvulnmay09.nasl 4869 2016-12-29 11:01:45Z teissa $ Google Chrome Multilpe XSS Vulnerabilities May 09 Authors: Nikita MR Copyright: Copyright c 2009 Greenbone...
Ann can resolution I is male and female it?-- Keep track of the same shape word attack techniques-vulnerability warning-the black bar safety net
An attacker in order to achieve the attack purpose, they in the network link can be described under the foot work: in order to convince the user to click a link, find ways to make these links look a bit of a problem are not, however, as long as the user clicks on to be brought into the...
Mozilla Firefox / Seamonkey multiple security vulnerabilities
Memory corruption, same policy origin violation, crossite scripting...
Mozilla Foundation Security Advisory 2009-19
Mozilla Foundation Security Advisory 2009-19 Title: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString Impact: High Announced: April 21, 2009 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Mozilla security researcher mozbugra4...
Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-717-1)
Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2009-0352, CVE-2009-0353 A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy i...
Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : mozilla-thunderbird, thunderbird vulnerabilities (USN-647-1)
It was discovered that the same-origin check in Thunderbird could be bypassed. If a user had JavaScript enabled and were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. CVE-2008-3835 Several problems were discovered in...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-668-1)
Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on t...
Ubuntu 8.04 LTS : firefox-3.0, xulrunner-1.9 regression (USN-645-3)
USN-645-1 fixed vulnerabilities in Firefox and xulrunner. The upstream patches introduced a regression in the saved password handling. While password data was not lost, if a user had saved any passwords with non-ASCII characters, Firefox could not access the password database. This update fixes t...
Mozilla Foundation Security Advisory 2009-18
Mozilla Foundation Security Advisory 2009-18 Title: XSS hazard using third-party stylesheets and XBL bindings Impact: Low Announced: April 21, 2009 Reporter: Cefn Hoile Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Web developer Cefn Hoile reported that sites which...
Mozilla Foundation Security Advisory 2009-17
Mozilla Foundation Security Advisory 2009-17 Title: Same-origin violations when Adobe Flash loaded via view-source: scheme Impact: High Announced: April 21, 2009 Reporter: Gregory Fleischer Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Security researcher Gregory...
Ubuntu 7.10 / 8.04 LTS / 8.10 : thunderbird vulnerabilities (USN-701-1)
Several flaws were discovered in the browser engine. If a user had JavaScript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Thunderbird could be...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-741-1)
Several flaws were discovered in the browser engine. If JavaScript were enabled, an attacker could exploit these flaws to crash Thunderbird and possibly execute arbitrary code with user privileges. CVE-2009-0352 Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user had...
Design/Logic Flaw
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...
Cross site scripting
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...
CVE-2009-1307
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...
CVE-2009-1309
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...
CVE-2009-1307
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...
CVE-2009-1309
CVE-2009-1309 affects Mozilla Firefox (pre-3.0.9) and its related Mozilla suite components (Thunderbird, SeaMonkey). The issue arises from improper Same Origin Policy handling for XMLHttpRequest (document principal mismatch) and XPCNativeWrapper.toString (incorrect proto scope), enabling cross-si...