8265 matches found

RedHat Linux
added 2008/02/08 2:24 a.m. | 1 views

Mozilla URL token stealing flaw

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original UR...

CVSS 4.3 | AI score 7.4 | EPSS 0.01092
Exploits: 1 | References: 4

RedHat Linux
added 2008/02/08 2:13 a.m. | 1 views

Mozilla URL token stealing flaw

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original UR...

CVSS 4.3 | AI score 7.4 | EPSS 0.01092
Exploits: 1 | References: 4

RedHat Linux
added 2008/02/08 2:6 a.m. | 1 views

Mozilla URL token stealing flaw

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original UR...

CVSS 4.3 | AI score 7.4 | EPSS 0.01092
Exploits: 1 | References: 4

Mozilla
added 2008/02/07 12:0 a.m. | 38 views

Privilege escalation, XSS, Remote Code Execution — Mozilla

Mozilla contributors mozbugra4 and Boris Zbarsky submitted a series of vulnerabilities which allow scripts from page content to escape from its sandboxed context and/or run with chrome privileges. An additional vulnerability reported by mozbugra4 demonstrated that the XMLDocument.load function ca...

CVSS 4.3 | AI score 5.3 | EPSS 0.02001
Exploits: 1 | References: 2 | Affected Software: 3

OSV
added 2008/01/31 9:0 p.m. | 0 views

AZL-6512 CVE-2007-4998 affecting package kernel for versions less than 5.10.78.1-1

cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination...

CVSS 6.9 | AI score 5.9 | EPSS 0.00092
Exploits: 0 | References: 1

OpenVAS
added 2008/01/17 12:0 a.m. | 22 views

Debian: Security Advisory (DSA-1338-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 9.6 | EPSS 0.2528
Exploits: 6 | References: 3

OpenVAS
added 2008/01/17 12:0 a.m. | 294 views

Debian Security Advisory DSA 1339-1 (iceape)

The remote host is missing an update to iceape announced via advisory DSA 1339-1. OpenVAS Vulnerability Test $Id: deb13391.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1339-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVSS 9.3 | AI score 1.3 | EPSS 0.2528
Exploits: 3

OpenVAS
added 2008/01/17 12:0 a.m. | 33 views

Debian Security Advisory DSA 1338-1 (iceweasel)

The remote host is missing an update to iceweasel announced via advisory DSA 1338-1. OpenVAS Vulnerability Test $Id: deb13381.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1338-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVSS 9.3 | AI score 1.2 | EPSS 0.2528
Exploits: 3

OpenVAS
added 2008/01/17 12:0 a.m. | 38 views

Debian Security Advisory DSA 1337-1 (xulrunner)

The remote host is missing an update to xulrunner announced via advisory DSA 1337-1. OpenVAS Vulnerability Test $Id: deb13371.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1337-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVSS 9.3 | AI score 1.2 | EPSS 0.2528
Exploits: 6

RedHat Linux
added 2007/12/19 4:32 p.m. | 0 views

jar: protocol XSS

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting XSS...

CVSS 4.3 | AI score 5.7 | EPSS 0.07915
Exploits: 0 | References: 4

Tenable Nessus
added 2007/12/13 12:0 a.m. | 33 views

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 3756)

This update brings Mozilla Firefox to security update version 2.0.0.4 - Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. MFSA 2007-1...

CVSS 9.3 | AI score 7.2 | EPSS 0.46498
Exploits: 0 | References: 20

RedHat Linux
added 2007/11/26 10:53 p.m. | 2 views

jar: protocol XSS

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting XSS...

CVSS 4.3 | AI score 5.7 | EPSS 0.07915
Exploits: 0 | References: 4

Tenable Nessus
added 2007/11/10 12:0 a.m. | 35 views

Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-468-1)

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2007-2867, CVE-2007-2868 A flaw was discovered in the form autocomplete feature. By tricking a user in...

CVSS 9.3 | AI score 8.4 | EPSS 0.46498
Exploits: 0 | References: 7

Tenable Nessus
added 2007/11/10 12:0 a.m. | 45 views

Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-490-1)

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2007-3734, CVE-2007-3735 Flaws were discovered in the JavaScript methods addEventListener and setTimeo...

CVSS 9.3 | AI score 8.5 | EPSS 0.2528
Exploits: 6 | References: 9

Tenable Nessus
added 2007/10/31 12:0 a.m. | 23 views

GLSA-200710-31 : Opera: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200710-31 Opera: Multiple vulnerabilities Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients CVE-2007-5541. David Bloom discovered that when displaying frames from different...

CVSS 9.3 | AI score 6.1 | EPSS 0.03574
Exploits: 1 | References: 3

Gentoo Linux
added 2007/10/30 12:0 a.m. | 39 views

Opera: Multiple vulnerabilities

Background Opera is a multi-platform web browser. Description Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients CVE-2007-5541. David Bloom discovered that when displaying frames from different websites, the same-origin policy is not correctly...

CVSS 9.3 | AI score 7.2 | EPSS 0.03574
Exploits: 1

Tenable Nessus
added 2007/10/26 12:0 a.m. | 24 views

FreeBSD : opera -- multiple vulnerabilities (44224e08-8306-11dc-9283-0016179b2dd5)

An advisory from Opera reports : If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code. When accessing frames from...

CVSS 9.3 | AI score 5.7 | EPSS 0.03574
Exploits: 1 | References: 5

seebug.org
added 2007/10/20 12:0 a.m. | 21 views

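Opera browser remote code execution and same-origin policy bypass vulnerabilities

BUGTRAQ ID: 26100,26102 CVECAN ID: CVE-2007-5540,CVE-2007-5541 Opera is a popular web browser that supports multiple platforms. Opera's implementation contains multiple vulnerabilities that remote attackers could exploit to take control of a user's system. If a user has configured Opera to use an external newsgroup client or mail application, a specially crafted web page can cause Opera to run that application incorrectly, which in some cases can lead to execution of arbitrary commands. When accessing frames from different sites, a specially crafted script can bypass the same-origin policy and overwrite functions of those frames. If the page's scripts later run those functions, attacker-supplied script may run in the context of the target site. Opera Softwar...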

CVSS 9.3 | AI score 6.4 | EPSS 0.03574
Exploits: 1

UbuntuCve
added 2007/10/18 12:17 a.m. | 18 views

CVE-2007-5540

Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors...

CVSS 7.5 | AI score 5.9 | EPSS 0.00962
Exploits: 1 | References: 1

Prion
added 2007/10/18 12:17 a.m. | 18 views

Design/Logic Flaw

Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors...

CVSS 7.5 | AI score 6.6 | EPSS 0.00962
Exploits: 1 | References: 10 | Affected Software: 1