6 matches found
EUVD-2012-4149
Malware in sbrugna...
Cross-site Scripting (XSS)
firefox is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as the evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect contex...
Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities)
Multiple vulnerabilities have been found in Iceape, the Debian Internet suite based on Mozilla Seamonkey: CVE-2012-5829Heap-based buffer overflow in the nsWindow::OnExposeEvent function could allow remote attackers to execute arbitrary code. CVE-2012-5842Multiple unspecified vulnerabilities in th...
DSA-2583-1 iceweasel - several
Bulletin has no description...
CVE-2012-4205
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery CSRF attacks or obtain sensitive...
CVE-2012-4201
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which...