8267 matches found
Apple Safari cross-domain HTTP redirection race condition
Overview Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Description Apple Safari contains a race condition when updating pages. When this race condition is used in combination with an HTTP redirection, Safari may...
DEBIAN-CVE-2007-3165
Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers...
Mozilla Firefox allows cross-domain iframe access via JavaScript
Overview Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Description An iframe is an HTML element which allow...
USN-468-1: Firefox vulnerabilities
Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2007-2867, CVE-2007-2868 A flaw was discovered in the form autocomplete feature. By tricking a user in...
CVE-2007-2870
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting XSS and other attacks by using the addEventListener method to add an event listener for a site, which is executed ...
CVE-2007-2870
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting XSS and other attacks by using the addEventListener method to add an event listener for a site, which is executed ...
Cross site scripting
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting XSS and other attacks by using the addEventListener method to add an event listener for a site, which is executed ...
CVE-2007-2870
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting XSS and other attacks by using the addEventListener method to add an event listener for a site, which is executed ...
CVE-2007-2870
CVE-2007-2870 affects Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, as well as SeaMonkey 1.0.9 and 1.1.2. The vulnerability arises from using addEventListener to register an event listener for a site, which can then execute in the context of that site and bypass the same-origin po...
Mozilla Foundation Security Advisory 2007-16
Title: XSS using addEventListener Impact: High Announced: May 30, 2007 Reporter: mozbugra4 Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.4 Firefox 1.5.0.12 SeaMonkey 1.0.9 SeaMonkey 1.1.2 Description Mozilla contributor mozbugra4 demonstrated that the addEventListener method could be used ...
security flaw
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting XSS and other attacks by using the addEventListener method to add an event listener for a site, which is executed ...
security flaw
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting XSS and other attacks by using the addEventListener method to add an event listener for a site, which is executed ...
XSS using addEventListener — Mozilla
Mozilla contributor mozbugra4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site...
: seamonkey cookie setting / same-domain bypass vulnerability
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname location.hostname DOM property, due to...
: seamonkey cookie setting / same-domain bypass vulnerability
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname location.hostname DOM property, due to...
: seamonkey cookie setting / same-domain bypass vulnerability
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname location.hostname DOM property, due to...
: seamonkey cookie setting / same-domain bypass vulnerability
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname location.hostname DOM property, due to...
: seamonkey cookie setting / same-domain bypass vulnerability
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname location.hostname DOM property, due to...
CVE-2007-1084
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page...
DEBIAN-CVE-2007-1084
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page...