
8265 matches found

CVE
added 2009/03/05 2:0 a.m. | 138 views

CVE-2009-0776

CVE-2009-0776 affects Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15. Root cause: nsIRDFService allows a cross-domain redirect to bypass the same-origin policy, enabling reading XML data from a different domain. Impact per sources: remote read access to cro...

CVSS 7.1 | AI score 9.2 | EPSS 0.00865
Exploits: 0 | References: 38 | Affected Software: 3
RedHat Linux
added 2009/03/05 12:48 a.m. | 5 views

Firefox XML data theft via RDFXMLDataSource and cross-domain redirect

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect...

CVSS 7.1 | AI score 7.4 | EPSS 0.00865
Exploits: 0 | References: 4
RedHat Linux
added 2009/03/05 12:10 a.m. | 1 views

Firefox XML data theft via RDFXMLDataSource and cross-domain redirect

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect...

CVSS 7.1 | AI score 7.4 | EPSS 0.00865
Exploits: 0 | References: 4
Mozilla
added 2009/03/04 12:0 a.m. | 38 views

XML data theft via RDFXMLDataSource and cross-domain redirect — Mozilla

Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users...

CVSS 7.1 | AI score 3.7 | EPSS 0.00865
Exploits: 0 | References: 2 | Affected Software: 3
UbuntuCve
added 2009/03/04 12:0 a.m. | 40 views

CVE-2009-0776

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect...

CVSS 7.1 | AI score 7.2 | EPSS 0.00865
Exploits: 0 | References: 5
Ubuntu
added 2009/02/10 11:13 p.m. | 64 views

USN-717-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2009-0352, CVE-2009-0353) A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy i...

CVSS 10 | AI score 8.8 | EPSS 0.08533
Exploits: 0
Fedora
added 2009/02/05 2:8 a.m. | 41 views

[SECURITY] Fedora 10 Update: sudo-1.6.9p17-5.fc10

Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

CVSS 7.8 | AI score 2.2 | EPSS 0.00049
Exploits: 1
OpenVAS
added 2009/02/05 12:0 a.m. | 27 views

Google Chrome Multiple Vulnerabilities (Feb 2009)

Google Chrome is prone to multiple vulnerabilities.

CVSS 5 | AI score 6.2 | EPSS 0.00377
Exploits: 0 | References: 4
UbuntuCve
added 2009/02/04 7:30 p.m. | 29 views

CVE-2009-0354

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval...

CVSS 2.6 | AI score 7.3 | EPSS 0.00789
Exploits: 0 | References: 2
Prion
added 2009/02/04 7:30 p.m. | 22 views

Design/Logic Flaw

Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a...

CVSS 5.1 | AI score 7.9 | EPSS 0.3558
Exploits: 2 | References: 16 | Affected Software: 1
NVD
added 2009/02/04 7:30 p.m. | 16 views

CVE-2009-0354

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval...

CVSS 2.6 | AI score 5.6 | EPSS 0.00789
Exploits: 0 | References: 18
Prion
added 2009/02/04 7:30 p.m. | 15 views

Cross site scripting

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval...

CVSS 2.6 | AI score 6 | EPSS 0.00789
Exploits: 0 | References: 18 | Affected Software: 1
CVE
added 2009/02/04 7:0 p.m. | 116 views

CVE-2009-0356

CVE-2009-0356 affects Mozilla Firefox before 3.0.6 and SeaMonkey, where links to about:plugins and about:config URIs in .desktop files are not blocked. This can bypass Same Origin Policy and allow a user-assisted remote attacker to execute arbitrary code with chrome privileges via a Desktop Entry...

CVSS 5.1 | AI score 9.8 | EPSS 0.00909
Exploits: 1 | References: 16 | Affected Software: 1
CVE
added 2009/02/04 7:0 p.m. | 117 views

CVE-2009-0354

CVE-2009-0354: Mozilla Firefox 3.x prior to 3.0.6 contains a cross-domain vulnerability where a chrome XBL method used with window.eval can bypass the Same Origin Policy, enabling access to another window’s properties and potential XSS. Affected: Firefox 3.x up to 3.0.5. Impact: SOP bypass and c...

CVSS 2.6 | AI score 8.4 | EPSS 0.00789
Exploits: 0 | References: 18 | Affected Software: 1
Cvelist
added 2009/02/04 7:0 p.m. | 20 views

CVE-2009-0354

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval...

AI score 8.6 | EPSS 0.00789
Exploits: 0 | References: 18
RedHat Linux
added 2009/02/04 8:59 a.m. | 0 views

Firefox XSS using a chrome XBL method and window.eval

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval...

CVSS 2.6 | AI score 7.4 | EPSS 0.00789
Exploits: 0 | References: 4
RedHat Linux
added 2009/02/04 8:59 a.m. | 1 views

Firefox Chrome privilege escalation via local .desktop files

Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a...

CVSS 5.1 | AI score 7.8 | EPSS 0.3558
Exploits: 2 | References: 4
Tenable Nessus
added 2009/02/04 12:0 a.m. | 28 views

Firefox 3.0.x < 3.0.6 Multiple Vulnerabilities

The installed version of Firefox 3.0.x is earlier than 3.0.6. Such versions are potentially affected by the following security issues: - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. (MFSA 2009-01) - A chrome XBL method can be...

CVSS 10 | AI score 8.3 | EPSS 0.08533
Exploits: 1 | References: 13
Tenable Nessus
added 2009/02/04 12:0 a.m. | 13 views

Mozilla Firefox 3.x < 3.0.6 Multiple Vulnerabilities

CVSS 10 | AI score 7.3 | EPSS 0.08533
Exploits: 1 | References: 14
Prion
added 2009/02/03 7:30 p.m. | 20 views

Cross site scripting

Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame...

CVSS 5 | AI score 6.6 | EPSS 0.00123
Exploits: 0 | References: 5 | Affected Software: 1