EUVD-2025-203473

Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...

EUVD-2005-1163

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2011-2830

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of...

SUSE CVE-2006-5463

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing...

SUSE CVE-2016-7879

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution...

SUSE CVE-2017-3059

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution...

CVE-2017-14824

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2017-3059

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution...

UBUNTU-CVE-2017-3059

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution...

Design/Logic Flaw

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution...

flash-plugin: multiple code execution issues fixed in APSB17-10

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution...

CVE-2016-7879

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution...

Google Chrome v8 script object wrapper vulnerability

Google Chrome is an open source WEB browser. A security vulnerability exists in the v8 script object wrapper in Google Chrome, which can be exploited by remote attackers to cause a denial of service and other remote attacks...

Mozilla Foundation Security Advisory 2007-35

Mozilla Foundation Security Advisory 2007-35 Title: XPCNativeWraper pollution using Script object Impact: Critical Announced: October 18, 2007 Reporter: mozbugra4 Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.8 SeaMonkey 1.1.5 Description Mozilla security researcher mozbugra4 reported that...

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed...

XPCNativeWraper pollution using Script object — Mozilla

Mozilla security researcher mozbugra4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome--such as by right-clicking to open a context menu--can cause attacker-supplied javascript to run with the same...

openSUSE 10 Security Update : seamonkey (seamonkey-2250)

This security update brings Mozilla SeaMonkey to version 1.0.6. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems: MFSA2006-65: Is split into 3 sub-entries, for ongoing stability improvements ...

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2251)

This update brings MozillaFirefox to the security update release 1.5.0.8, including the following security fixes. Full details can be found on: http://www.mozilla.org/projects/security/known-vulnerabilities.html MFSA2006-65: Is split into 3 sub-entries, for ongoing stability improvements in the...

Mozilla Firefox/SeaMonkey/Thunderbird多个远程安全漏洞

Mozilla Firefox/SeaMonkey/Thunderbird都是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。 上述产品中存在多个安全漏洞，具体如下： 1 Mozilla产品中所捆绑的网络安全服务（NSS）库如果以指数3使用RSA密钥的话，就无法正确的处理签名中的额外数据，允许攻击者伪造SSL/TLS和邮件证书。这个漏洞是MFSA 2006-60中所报告RSA签名漏洞的变种。 2 攻击者可以在执行期间修改Script对象，导致执行任意JavaScript bytecode。 3...

CVE-2006-5463

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing...