8265 matches found
CVE-2009-0276
Removed by vendor...
CVE-2009-0276
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame...
CVE-2009-0276
CVE-2009-0276 affects Google Chrome (V8 JavaScript engine) prior to 1.0.154.46. A cross-domain vulnerability lets a crafted script bypass the Same Origin Policy, enabling reading the full URL of another frame and potentially other sensitive data, or modifying the URL of the target frame. The vuln...
XSS using a chrome XBL method and window.eval — Mozilla
Mozilla security researcher mozbugra4 reported that a chrome XBL method can be used in conjunction with window.eval to execute arbitrary JavaScript within the context of another website, violating the same origin policy...
Google Chrome < 1.0.154.46 Multiple Vulnerabilities
Binary data 4920.pasl...
Charset Inheritance vulnerability in Internet Explorer 6 и Google Chrome
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Charset Inheritance уязвимости в Internet Explorer 6 и Google Chrome. В дополнение к ранее опубликованной информации http://securityvulns.ru/news/Browsers/Charset/XSS.html о данной уязвимости в других браузерах. Данная уязвимость в браузерах,...
Firefox Information Disclosure Vulnerability (Jan 2009) - Windows
Mozilla Firefox browser is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Google Chrome Information Disclosure Vulnerability
This host is installed with Google Chrome and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodgooglechromeinfodisvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Google Chrome Information Disclosure Vulnerability Authors: Sujit Ghosal Copyright: Copyright c 200...
Ubuntu USN-701-2 (mozilla-thunderbird)
The remote host is missing an update to mozilla-thunderbird announced via advisory USN-701-2. Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges...
Debian: Security Advisory (DSA-1696-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5900)
The Mozilla Thunderbird E-Mail client was updated to version 2.0.0.19. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the...
Debian DSA-1696-1 : icedove - several vulnerabilities
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer...
Firefox 2 Information stealing via loadBindingDocument
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL...
Firefox XSS via XBL bindings to unloaded document
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...
Firefox XMLHttpRequest 302 response disclosure
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...
Firefox XSS vulnerabilities in SessionStore
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting XSS attacks via unknown...
Firefox Cross-domain data theft via script redirect error message
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5885)
The Mozilla Firefox browser was updated to version 2.0.0.19, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which conte...
DSA-1697-1 iceape - several vulnerabilities
Bulletin has no description...
DSA-1696-1 icedove - several vulnerabilities
Bulletin has no description...