Lucene search

8267 matches found

OSV
added 2006/04/14 10:2 a.m. | 2 views

DEBIAN-CVE-2006-1732

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.02208
Exploits: 0 | References: 1
OSV
added 2006/04/14 10:2 a.m. | 7 views

CVE-2006-1732

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the...

AI score: 5.5
Exploits: 0 | References: 52
NVD
added 2006/04/14 10:2 a.m. | 21 views

CVE-2006-1732

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.02208
Exploits: 0 | References: 52
Prion
added 2006/04/14 10:2 a.m. | 19 views

Cross site scripting

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.02208
Exploits: 0 | References: 52 | Affected Software: 3
Cvelist
added 2006/04/14 10:0 a.m. | 23 views

CVE-2006-1732

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the...

AI score: 5.4 | EPSS: 0.02208
Exploits: 0 | References: 52
CVE
added 2006/04/14 10:0 a.m. | 96 views

CVE-2006-1732

Technical details (affected products, root cause, and exploit specifics) for CVE-2006-1732 are not provided in the supplied documents. Monitor for updates from official advisories.

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.02208
Exploits: 0 | References: 52 | Affected Software: 3
Mozilla
added 2006/04/13 12:0 a.m. | 35 views

Cross-site scripting using .valueOf.call() — Mozilla

mozbugra4 discovered that .valueOf.call and .valueOf.apply when called with no arguments were returning the Object class prototype rather than the caller's global window object. When called on a reachable property of another window this provides a hook to get around the same-origin protection,...

CVSS: 4.3 | AI score: 2 | EPSS: 0.02816
Exploits: 0 | References: 2 | Affected Software: 4
Mozilla
added 2006/04/13 12:0 a.m. | 27 views

cross-site scripting through window.controllers — Mozilla

shutdown demonstrated how to use the window.controllers array to bypass same-origin protections, allowing a malicious site to inject script into content from another site. This could allow the malicious page to steal information such as cookies or passwords from the other site, or perform...

CVSS: 4.3 | AI score: 1.8 | EPSS: 0.02208
Exploits: 0 | References: 1 | Affected Software: 4
NVD
added 2006/03/14 11:2 a.m. | 17 views

CVE-2006-0400

CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00584
Exploits: 0 | References: 8
Prion
added 2006/03/14 11:2 a.m. | 13 views

Design/Logic Flaw

CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00584
Exploits: 0 | References: 8 | Affected Software: 2
CVE
added 2006/03/14 11:0 a.m. | 63 views

CVE-2006-0400

CVE-2006-0400 affects Apple Mac OS X 10.4 up to 10.4.5 (CoreTypes). Affected component: CoreTypes, with a flaw that allows remote attackers to bypass the same-origin policy and execute JavaScript in other domains via crafted archives. Root cause details are not explicitly provided in the document...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00584
Exploits: 0 | References: 8 | Affected Software: 2
Cvelist
added 2006/03/14 11:0 a.m. | 21 views

CVE-2006-0400

CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."...

AI score: 6.4 | EPSS: 0.00584
Exploits: 0 | References: 8
NVD
added 2006/02/02 11:6 p.m. | 22 views

CVE-2006-0299

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin...

CVSS: 6.4 | AI score: 6 | EPSS: 0.01447
Exploits: 0 | References: 12
OSV
added 2006/02/02 11:6 p.m. | 1 views

DEBIAN-CVE-2006-0299

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin...

CVSS: 6.4 | AI score: 6.4 | EPSS: 0.01447
Exploits: 0 | References: 1
UbuntuCve
added 2006/02/02 11:6 p.m. | 34 views

CVE-2006-0299

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.01447
Exploits: 0 | References: 1
Prion
added 2006/02/02 11:6 p.m. | 17 views

Design/Logic Flaw

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin...

CVSS: 6.4 | AI score: 6.3 | EPSS: 0.01447
Exploits: 0 | References: 12 | Affected Software: 3
CVE
added 2006/02/02 11:0 p.m. | 59 views

CVE-2006-0299

CVE-2006-0299 affects Mozilla Firefox up to 1.5.0.1, Thunderbird 1.5 (when JavaScript runs in mail), and SeaMonkey before 1.0. The issue arises from the E4X implementation exposing the internal AnyName object to external interfaces, allowing multiple cooperating domains to exchange information an...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.01447
Exploits: 0 | References: 12 | Affected Software: 3
Debian CVE
added 2006/02/02 11:0 p.m. | 22 views

CVE-2006-0299

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin...

CVSS: 6.4 | AI score: 6.3 | EPSS: 0.01447
Exploits: 0
securityvulns
added 2006/01/29 12:0 a.m. | 40 views

[Full-disclosure] -moz-binding CSS property: more XSS fun

Hm, I haven't seen this posted here ... Firefox now supports the -moz-binding CSS property, which associates XBL[1] with an element. The same origin policy is not applied. This is a problem because XBL may contain JavaScript and it runs with full access to content. There is a bug report[2] filed, but ...

AI score: 0.3
Exploits: 0
Prion
added 2006/01/09 11:3 p.m. | 10 views

Code injection

NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address...

CVSS: 5 | AI score: 7.1 | EPSS: 0.00763
Exploits: 0 | References: 4 | Affected Software: 1