8271 matches found
CVE-2007-4431
CVE-2007-4431 is a cross-domain vulnerability affecting Apple Safari for Windows 3.0.3 and earlier. The issue allows remote attackers to bypass the Same Origin Policy via a crafted body.innerHTML value, enabling potential frame hijacking from local zones to external domains. The description is su...
Apple Safari Beta同源策略冲突漏洞
Apple Safari是一款苹果公司开发的WEB浏览器。 Apple Safari Beta存在同源策略冲突问题,远程攻击者可以利用漏洞访问其他域中的敏感信息。 构建包含恶意JavaScript的WEB页,诱使用户访问,可导致访问其他域中的信息。 Apple Safari 3.0.3 Apple Safari 3.0.3 Apple Safari 3.0.2 Beta for Windows Apple Safari 3.0.2 Beta Apple Safari 3.0.1 Beta for Windows Apple Safari 3.0.1 Beta Apple Safari 3...
Debian DSA-1339-1 : iceape - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing...
Debian DSA-1338-1 : iceweasel - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing race...
Debian DSA-1337-1 : xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection...
[SECURITY] [DSA 1339-1] New iceape packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1339-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 23rd, 2007 http://www.debian.org/security/faq -...
DSA-1339-1 iceape - several
Bulletin has no description...
USN-490-1: Firefox vulnerabilities
Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2007-3734, CVE-2007-3735 Flaws were discovered in the JavaScript methods addEventListener and setTimeo...
Unauthorized access to wyciwyg:// documents — Mozilla
Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached wyciwyg documents. It is possible to access wyciwyg:// documents without proper same domain policy checks through the use of HTTP 302 redirects. This enables the attacker to steal sensitive data...
XSS using addEventListener and setTimeout — Mozilla
Mozilla contributor mozbugra4 demonstrated that the methods addEventListener and setTimeout could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site...
Firefox wyciwyg:// cache zone bypass
There is an interesting vulnerability in how Mozilla Firefox handles internal wyciwyg:// pseudo-URIs. These cache-related resource identifiers are meant to be inaccessible by the user - but there are at least three routes to bypass these restrictionss, one of which - HTTP 302 redirect - also...
Cross site scripting
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, ...
CVE-2007-3514
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, ...
CVE-2007-3514
CVE-2007-3514 describes a cross-domain vulnerability in Apple Safari for Windows 3.0.2 where JavaScript that overwrites the document variable and statically assigns the document.domain to a file:// location bypasses the Same Origin Policy and allows access to restricted information from other dom...
CVE-2007-3514
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, ...
CVE-2007-3481
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue...
CVE-2007-3482
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute...
Cross site scripting
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute...
CVE-2007-3481
CVE-2007-3481 concerns a cross-domain issue in Microsoft Internet Explorer 6 and 7 where a remote attacker could bypass the Same Origin Policy by a JavaScript action that overwrites the document variable and statically sets the document.domain attribute. The connected PT-security entry confirms a...
CVE-2007-3482
CVE-2007-3482 concerns Cross-domain vulnerability in Apple Safari for Windows 3.0.1 where JavaScript can overwrite the document variable and statically set document.domain, allowing a remote attacker to bypass the same-origin policy and access restricted information from other domains. The connec...