
8263 matches found

Tenable Nessus
added 2008/11/20 12:0 a.m. | 220 views

Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities

Binary data 4762.prm...

CVSS 10 | AI score 7.3 | EPSS 0.25205
Exploits: 1 | References: 23

Tenable Nessus
added 2008/11/20 12:0 a.m. | 251 views

Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities

The installed version of Thunderbird is earlier than 2.0.0.18. Such versions are potentially affected by the following security issues: - The canvas element can be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from...

CVSS 10 | AI score 8.9 | EPSS 0.25205
Exploits: 1 | References: 17

Ubuntu
added 2008/11/17 9:26 p.m. | 68 views

USN-667-1: Firefox and xulrunner vulnerabilities

Liu Die Yu discovered an information disclosure vulnerability in Firefox when using saved .url shortcut files. If a user were tricked into downloading a crafted .url file and a crafted HTML file, an attacker could steal information from the user's cache. CVE-2008-4582 Georgi Guninski, Michal...

CVSS 10 | AI score 8.7 | EPSS 0.3558
Exploits: 3

seebug.org
added 2008/11/17 12:0 a.m. | 45 views

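Mozilla Firefox Internet Shortcut Same-Origin Policy Violation Vulnerability

BUGTRAQ ID: 31611,31747 CVECAN ID: CVE-2008-4582 Firefox is a very popular open-source web browser. When launching a URL shortcut via an HTML element, Firefox does not correctly enforce the same-origin policy; if the web page is opened from a local path or a Windows share (UNC/SMB) path, content from any location may be read, including cache information, cookies, the local file system, and so on. Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.2 Mozilla ------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page to obtain the latest version:...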

CVSS 4.3 | AI score 9.6 | EPSS 0.3558
Exploits: 2

securityvulns
added 2008/11/14 12:0 a.m. | 62 views

Mozilla Foundation Security Advisory 2008-48

Mozilla Foundation Security Advisory 2008-48 Title: Image stealing via canvas and HTTP redirect Impact: High Announced: November 12, 2008 Reporter: Georgi Guninski, Michal Zalewski, Chris Evans Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.18 Thunderbird 2.0.0.18 SeaMonkey...

CVSS 5 | AI score 0.9 | EPSS 0.05969
Exploits: 0

securityvulns
added 2008/11/14 12:0 a.m. | 50 views

Mozilla Foundation Security Advisory 2008-53

Mozilla Foundation Security Advisory 2008-53 Title: XSS and JavaScript privilege escalation via session restore Impact: Critical Announced: November 12, 2008 Reporter: David Bloom, mozbugra4 Products: Firefox Fixed in: Firefox 3.0.4 Firefox 2.0.0.18 Description Security researcher David Bloom...

CVSS 4.3 | AI score 1 | EPSS 0.12823
Exploits: 0

NVD
added 2008/11/13 11:30 a.m. | 15 views

CVE-2008-5019

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors...

CVSS 4.3 | AI score 6.1 | EPSS 0.12823
Exploits: 0 | References: 25

NVD
added 2008/11/13 11:30 a.m. | 17 views

CVE-2008-5012

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are no...

CVSS 5 | AI score 6.7 | EPSS 0.05969
Exploits: 0 | References: 37

NVD
added 2008/11/13 11:30 a.m. | 10 views

CVE-2008-5022

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...

CVSS 7.5 | AI score 7.3 | EPSS 0.13446
Exploits: 0 | References: 38

UbuntuCve
added 2008/11/13 11:30 a.m. | 26 views

CVE-2008-5019

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors...

CVSS 4.3 | AI score 5.9 | EPSS 0.12823
Exploits: 0 | References: 2

UbuntuCve
added 2008/11/13 11:30 a.m. | 17 views

CVE-2008-5022

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...

CVSS 7.5 | AI score 7.5 | EPSS 0.13446
Exploits: 0 | References: 3

Prion
added 2008/11/13 11:30 a.m. | 20 views

Cross site scripting

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors...

CVSS 4.3 | AI score 6 | EPSS 0.12823
Exploits: 0 | References: 25 | Affected Software: 3

Prion
added 2008/11/13 11:30 a.m. | 15 views

Design/Logic Flaw

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are no...

CVSS 5 | AI score 6.7 | EPSS 0.05969
Exploits: 0 | References: 37 | Affected Software: 3

Prion
added 2008/11/13 11:30 a.m. | 19 views

Design/Logic Flaw

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...

CVSS 7.5 | AI score 7.2 | EPSS 0.13446
Exploits: 0 | References: 38 | Affected Software: 5

CVE
added 2008/11/13 11:0 a.m. | 104 views

CVE-2008-5012

CVE-2008-5012 affects Mozilla Firefox 2.x, Thunderbird 2.x, and SeaMonkey 1.x (before versions 2.0.0.18 / 1.1.13) where processing a canvas element and an HTTP redirect can bypass the same-origin policy, allowing access to images not directly accessible to the attacker. Several connected sources ...

CVSS 5 | AI score 9.7 | EPSS 0.05969
Exploits: 0 | References: 37 | Affected Software: 3

Cvelist
added 2008/11/13 11:0 a.m. | 20 views

CVE-2008-5019

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors...

AI score 8.8 | EPSS 0.12823
Exploits: 0 | References: 25

CVE
added 2008/11/13 11:0 a.m. | 100 views

CVE-2008-5019

CVE-2008-5019 affects Mozilla Firefox 3.x prior to 3.0.4 and 2.x prior to 2.0.0.18. The session restore feature can bypass the same-origin policy, enabling cross-site scripting and arbitrary JavaScript execution with chrome privileges via unknown vectors. Mitigation per the connected advisories i...

CVSS 4.3 | AI score 8.9 | EPSS 0.12823
Exploits: 0 | References: 25 | Affected Software: 1

Cvelist
added 2008/11/13 11:0 a.m. | 19 views

CVE-2008-5012

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are no...

AI score 9.6 | EPSS 0.05969
Exploits: 0 | References: 37

Cvelist
added 2008/11/13 11:0 a.m. | 23 views

CVE-2008-5022

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...

AI score 9.9 | EPSS 0.13446
Exploits: 0 | References: 38

CVE
added 2008/11/13 11:0 a.m. | 90 views

CVE-2008-5022

CVE-2008-5022 affects multiple Mozilla-based browsers: nsXMLHttpRequest::NotifyEventListeners in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13. Root cause: bypass of the same-origin policy due to bypassed inner window check...

CVSS 7.5 | AI score 10 | EPSS 0.13446
Exploits: 0 | References: 38 | Affected Software: 3