Mozilla Firefox 3.x < 3.0.5 Multiple Vulnerabilities

Binary data 4793.prm...

CVE-2008-5507

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...

Information stealing via loadBindingDocument — Mozilla

Mozilla developer Boris Zbarsky reported that XBL bindings could be used to read data from other domains, a violation of the same-origin policy. The severity of this issue was determined to be moderate due to several mitigating factors:...

XSS vulnerabilities in SessionStore — Mozilla

Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser's same-origin...

XSS and JavaScript privilege escalation — Mozilla

Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website...

Debian: Security Advisory (DSA-1671-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities

Description Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities. Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges,...

Debian Security Advisory DSA 1671-1 (iceweasel)

The remote host is missing an update to iceweasel announced via advisory DSA 1671-1. OpenVAS Vulnerability Test $Id: deb16711.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1671-1 iceweasel Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

USN-668-1: Thunderbird vulnerabilities

Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on t...

SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5811)

This update backports the latest security fixes to the Mozilla XULRunner engine. It fixes following security issues : - The http-index-format MIME type parser nsDirIndexParser in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocatio...

Java RE allows Same Origin Policy to be Bypassed (6687932)

Multiple unspecified vulnerabilities in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.218, and SDK and JRE 1.3.x before 1.3.123 allow remote attackers to violate the security model for an applet's outbound...

Debian DSA-1671-1 : iceweasel - several vulnerabilities

Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0017 Justin Schuh discovered that a buffer overflow in the http-index-forma...

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5812)

This update brings the Mozilla Firefox browser to version 2.0.0.18. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54 : The http-index-format MIME type parser nsDirIndexParser in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check...

openSUSE 10 Security Update : seamonkey (seamonkey-5815)

This update brings the Mozilla SeaMonkey browser to version 1.1.13. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54 : The http-index-format MIME type parser nsDirIndexParser in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check...

[SECURITY] [DSA 1671-1] New iceweasel packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-1671-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 24, 2008 http://www.debian.org/security/faq -...

Debian DSA-1669-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser...

DSA-1671-1 iceweasel - several vulnerabilities

Bulletin has no description...

DSA-1669-1 xulrunner - several vulnerabilities

Bulletin has no description...

nsXMLHttpRequest:: NotifyEventListeners() same-origin violation

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...

Mozilla Image stealing via canvas and HTTP redirect

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are no...