Lucene search
K

89 matches found

openvas
openvas
added 2014/03/26 12:0 a.m.29 views

Mozilla Firefox Multiple Vulnerabilities-01 (Mar 2014) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

10CVSS8AI score0.83633EPSS
Exploits22References19
nvd
nvd
added 2014/03/19 10:55 a.m.20 views

CVE-2014-1504

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted document that is accessed after a browser restart...

2.6CVSS8.4AI score0.02064EPSS
Exploits0References8
cve
cve
added 2014/03/19 10:0 a.m.120 views

CVE-2014-1504

CVE-2014-1504 affects Mozilla Firefox (pre-28.0) and SeaMonkey (pre-2.25). The session-restore feature does not honor the CSP of data: URLs, enabling remote XSS via a crafted document opened after a browser restart. The impact stated is cross-site scripting with partial integrity/complete confide...

2.6CVSS8.1AI score0.02064EPSS
Exploits0References8Affected Software1
cvelist
cvelist
added 2014/03/19 10:0 a.m.24 views

CVE-2014-1504

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted document that is accessed after a browser restart...

8.3AI score0.02064EPSS
Exploits0References8
ubuntucve
ubuntucve
added 2014/03/18 12:0 a.m.25 views

CVE-2014-1504

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted document that is accessed after a browser restart...

2.6CVSS6.9AI score0.02064EPSS
Exploits0References3
mozilla
mozilla
added 2014/03/18 12:0 a.m.48 views

Content Security Policy for data: documents not preserved by session restore — Mozilla

Security researcher Nicolas Golubovic reported that the Content Security Policy CSP of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting XSS attack. The targ...

2.6CVSS8.1AI score0.02064EPSS
Exploits0References2Affected Software2
nessus
nessus
added 2014/02/11 12:0 a.m.34 views

Ubuntu 12.04 LTS / 12.10 / 13.10 : firefox vulnerabilities (USN-2102-1)

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox...

10CVSS8.2AI score0.07072EPSS
Exploits11References15
prion
prion
added 2014/02/06 5:44 a.m.27 views

Code injection

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service session restore via a crafted web site...

4.3CVSS6.8AI score0.01932EPSS
Exploits0References13Affected Software7
cve
cve
added 2014/02/06 2:0 a.m.141 views

CVE-2014-1489

Technical details for CVE-2014-1489 are not publicly available in the provided documents. Monitor for updates from vendors and vulnerability feeds.

4.3CVSS8.7AI score0.01932EPSS
Exploits0References13Affected Software1
ubuntucve
ubuntucve
added 2014/02/05 12:0 a.m.27 views

CVE-2014-1489

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service session restore via a crafted web site...

4.3CVSS6.9AI score0.01932EPSS
Exploits0References3
nessus
nessus
added 2009/07/21 12:0 a.m.38 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)

The Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content...

10CVSS8.8AI score0.03201EPSS
Exploits0References12
nessus
nessus
added 2009/07/21 12:0 a.m.41 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)

The Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content...

10CVSS8.8AI score0.03201EPSS
Exploits0References12
nessus
nessus
added 2009/04/23 12:0 a.m.46 views

Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-690-1)

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2008-5500, CVE-2008-5501, CVE-2008-5502 It was discovered that Firefox did not properly handle persistent cookie data. If ...

10CVSS8.4AI score0.03201EPSS
Exploits0References12
openvas
openvas
added 2009/03/23 12:0 a.m.26 views

Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-690-1

Ubuntu Update for Linux kernel vulnerabilities USN-690-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6901.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-690-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks Gmb...

10CVSS1.3AI score0.03201EPSS
Exploits0References2
nessus
nessus
added 2009/01/16 12:0 a.m.250 views

Debian DSA-1707-1 : iceweasel - several vulnerabilities

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS...

10CVSS8.4AI score0.03201EPSS
Exploits0References21
ubuntu
ubuntu
added 2008/12/18 12:8 a.m.76 views

USN-690-2: Firefox vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Firefox could be bypassed by utilizing XBL-bindings. An...

10CVSS8.3AI score0.03201EPSS
Exploits0
ubuntu
ubuntu
added 2008/12/17 11:50 p.m.59 views

USN-690-1: Firefox and xulrunner vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2008-5500, CVE-2008-5501, CVE-2008-5502 It was discovered that Firefox did not properly handle persistent cookie data. If ...

10CVSS8.4AI score0.03201EPSS
Exploits0
nvd
nvd
added 2008/12/17 11:30 p.m.16 views

CVE-2008-5513

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting XSS attacks via unknown...

4.3CVSS5.8AI score0.01784EPSS
Exploits0References24
cve
cve
added 2008/12/17 11:0 p.m.99 views

CVE-2008-5513

CVE-2008-5513 affects Mozilla Firefox. The issue arises in the session-restore feature, where restoration of SessionStore data can bypass the Same Origin Policy, enabling content injection and cross-site scripting (XSS) via unknown vectors. Affected products/versions include Firefox 3.x prior to ...

4.3CVSS8.9AI score0.01784EPSS
Exploits0References24Affected Software3
ubuntucve
ubuntucve
added 2008/12/17 12:0 a.m.26 views

CVE-2008-5513

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting XSS attacks via unknown...

4.3CVSS5.9AI score0.01784EPSS
Exploits0References3
Rows per page
Query Builder