8264 matches found
CVE-2008-5507
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...
CVE-2008-5506
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...
CVE-2008-5506
CVE-2008-5506 affects Mozilla components (e.g., Firefox/Thunderbird/SeaMonkey) where an XMLHttpRequest to an attacker-controlled resource that performs a 302 redirect to a different domain can bypass same-origin policy, allowing reading of the redirected response. This can enable a remote attacke...
CVE-2008-5507
CVE-2008-5507 affects Mozilla products: Firefox 2.x before 2.0.0.19, Firefox 3.x before 3.0.5, SeaMonkey 1.x before 1.1.14, and Thunderbird 2.x before 2.0.0.19. Root cause: bypass of the same-origin policy via a JavaScript URL that redirects to a target resource, triggering an error if the target...
CVE-2008-5511
Affected software: Mozilla Firefox (3.x before 3.0.5; 2.x before 2.0.0.19), Mozilla Thunderbird (2.x before 2.0.0.19), and SeaMonkey (1.x before 1.1.14). Root cause: vulnerability in XBL bindings allowing an XSS payload via an unloaded document, combined with bypass of the same-origin policy (CVE...
CVE-2008-5503
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL...
Firefox XMLHttpRequest 302 response disclosure
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...
Firefox XSS via XBL bindings to unloaded document
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...
Firefox Cross-domain data theft via script redirect error message
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...
Firefox XSS vulnerabilities in SessionStore
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting XSS attacks via unknown...
Firefox Cross-domain data theft via script redirect error message
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...
Firefox XMLHttpRequest 302 response disclosure
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...
Firefox XSS via XBL bindings to unloaded document
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...
Firefox 2 Information stealing via loadBindingDocument
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL...
CVE-2008-5506
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...
SeaMonkey < 1.1.14 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 1.1.14. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. MFSA 2008-60 - XBL bindings can be used to rea...
PT-2008-6579 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 2.x through 2.0.0.18 Mozilla Firefox versions 3.x through 3.0.4 Description: The issue allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct...
CVE-2008-5511
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...
CVE-2008-5513
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting XSS attacks via unknown...
SeaMonkey < 1.1.14 Multiple Vulnerabilities
Binary data 4794.prm...