SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5405)

Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs including following security bugs : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory...

Java RE allows Same Origin Policy to be Bypassed (6687932)

Multiple unspecified vulnerabilities in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.218, and SDK and JRE 1.3.x before 1.3.123 allow remote attackers to violate the security model for an applet's outbound...

Java RE allows Same Origin Policy to be Bypassed (6687932)

Multiple unspecified vulnerabilities in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.218, and SDK and JRE 1.3.x before 1.3.123 allow remote attackers to violate the security model for an applet's outbound...

Sun Java SE多个未明同源策略冲突漏洞

BUGTRAQ ID: 30140 CNCAN ID：CNCAN-2008071006 Solaris系统的Java运行实时环境为JAVA应用程序提供可靠的运行环境。 Java运行实时环境存在同源策略绕过问题，远程攻击者可以利用漏洞绕过网络访问限制，与部分受限服务建立套接字连接。 攻击者可以构建不可信的Applet，诱使用户装载来触发。 Sun SDK Windows Production Release 1.4.217 Sun SDK Windows Production Release 1.3.122 Sun SDK Solaris Production Release 1.3.1 ...

Ubuntu 6.06 LTS / 7.04 / 7.10 : firefox vulnerabilities (USN-619-1)

Various flaws were discovered in the browser engine. By tricking a user into opening a malicious web page, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2008-2798, CVE-2008-2799 Sever...

Cross site scripting

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via vectors involving 1 an event handler attached to an outer window, 2 a SCRIPT element in an unloaded document, or 3 the...

Design/Logic Flaw

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut...

Design/Logic Flaw

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin JEP and Java LiveConnect...

CVE-2008-2806

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin JEP and Java LiveConnect...

CVE-2008-2800

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via vectors involving 1 an event handler attached to an outer window, 2 a SCRIPT element in an unloaded document, or 3 the...

CVE-2008-2810

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut...

CVE-2008-2800

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via vectors involving 1 an event handler attached to an outer window, 2 a SCRIPT element in an unloaded document, or 3 the...

CVE-2008-2810

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut...

CVE-2008-2806

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin JEP and Java LiveConnect...

CVE-2008-2800

The CVE-2008-2800 entry affects Mozilla Firefox up to 2.0.0.15 and SeaMonkey up to 1.1.10, enabling remote XSS via bypassing Same Origin Policy. Reported vectors include an event handler on an outer window, a SCRIPT element in an unloaded document, and the onreadystatechange handler with XMLHttpR...

CVE-2008-2800

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via vectors involving 1 an event handler attached to an outer window, 2 a SCRIPT element in an unloaded document, or 3 the...

CVE-2008-2810

CVE-2008-2810 affects Mozilla Firefox prior to 2.0.0.15 and SeaMonkey prior to 1.1.10. Root cause: improper identification of the context of Windows shortcut files, enabling a user-assisted remote attacker to bypass the Same Origin Policy via a crafted site for which the user has saved a shortcut...

CVE-2008-2806

CVE-2008-2806 affects Mozilla Firefox <= 2.0.0.15 and SeaMonkey

CVE-2008-2810

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut...

CVE-2008-2806

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin JEP and Java LiveConnect...