Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-490-1)

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2007-3734, CVE-2007-3735 Flaws were discovered in the JavaScript methods addEventListener and setTimeo...

GLSA-200710-31 : Opera: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200710-31 Opera: Multiple vulnerabilities Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients CVE-2007-5541. David Bloom discovered that when displaying frames from different...

Opera: Multiple vulnerabilities

Background Opera is a multi-platform web browser. Description Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients CVE-2007-5541. David Bloom discovered that when displaying frames from different websites, the same-origin policy is not correctly...

FreeBSD : opera -- multiple vulnerabilities (44224e08-8306-11dc-9283-0016179b2dd5)

An advisory from Opera reports : If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code. When accessing frames from...

Opera浏览器远程代码执行及绕过同源策略漏洞

BUGTRAQ ID: 26100,26102 CVECAN ID: CVE-2007-5540,CVE-2007-5541 Opera是一款流行的WEB浏览器，支持多种平台。 Opera的实现上存在多个漏洞，远程攻击者可能利用这些漏洞控制用户系统。 如果用户将Opera配置为使用外部新闻组客户端或邮件应用程序的话，特制的网页可能导致Opera错误地运行该应用程序，在某些情况下这可能导致执行任意指令。 在访问不同站点的帧的时候，特制的脚本可能绕过同源策略覆盖这些帧的函数。如果之后页面的脚本运行了这些函数的话，就可能导致在目标站点的环境中运行攻击者所提供的脚本。 Opera Softwar...

CVE-2007-5540

Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors...

Design/Logic Flaw

Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors...

CVE-2007-5540

Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors...

CVE-2007-5540

The provided documents confirm CVE-2007-5540 affects Opera (pre-9.24) and enables bypassing the same-origin policy when displaying frames from different sites. The root cause is described as an unspecified flaw in how Opera handles cross-domain frames, allowing remote attackers to overwrite funct...

CVE-2007-5540

Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors...

Opera < 9.24 Multiple Vulnerabilities

The version of Opera installed on the remote host reportedly may allow for arbitrary code execution if it has been configured to use an external news reader or email client and a user views a specially crafted web page. In addition, it may also allow a script to bypass the same-origin policy and...

openSUSE 10 Security Update : seamonkey (seamonkey-3984)

This update fixes several security issues in Mozilla SeaMonkey 1.1.3. Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven't been proven to be exploitable. 25 were in...

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3541)

This update brings Mozilla Firefox to security update version 2.0.0.4 This is a major upgrade from the Firefox 1.5.0.x line for SUSE Linux 10.0. - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content...

openSUSE 10 Security Update : seamonkey (seamonkey-3632)

This update brings Mozilla SeaMonkey to security update version 1.1.2 - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such a...

opera -- multiple vulnerabilities

An advisory from Opera reports: If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code. When accesing frames from differen...

openSUSE 10 Security Update : seamonkey (seamonkey-3631)

This update brings Mozilla SeaMonkey to security update version 1.1.2 - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such a...

Scripts can overwrite functions on pages from other domains – Opera Security Advisories

Scripts can overwrite functions on pages from other domains – Opera Security Advisories OPCOM Team | October 16, 2007 Scripts can overwrite functions on pages from other domains. Severity: Highly Severe Affected Versions All versions of Opera for Desktop prior to Opera 9.24. Problem Description...

Scripts can overwrite functions on pages from other domains

When accesing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site...

CVE-2007-4431

Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."...

Cross site scripting

Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."...