Lucene search
K

130 matches found

Exploit DB
Exploit DB
added 2015/12/17 12:0 a.m.32 views

Adobe Flash TextField.antiAliasType Setter - Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=560 There is a use-after-free in the TextField antiAliasType setter. If it is set to an object with a toString method that frees the TextField, the property will be written after it is freed. A PoC is as follows: var topt...

7.4AI score
Exploits0
OSV
OSV
added 2015/08/08 12:59 a.m.2 views

DEBIAN-CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...

8.8CVSS8.8AI score0.70226EPSS
Exploits8References1
Prion
Prion
added 2015/08/08 12:59 a.m.25 views

Design/Logic Flaw

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...

4.3CVSS7.3AI score0.70226EPSS
Exploits8References17Affected Software9
ATTACKERKB
ATTACKERKB
added 2015/08/08 12:0 a.m.34 views

CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...

8.8CVSS1.6AI score0.70226EPSS
In wildExploits8References18
Debian CVE
Debian CVE
added 2015/08/08 12:0 a.m.38 views

CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...

8.8CVSS7.4AI score0.70226EPSS
Exploits8
OSV
OSV
added 2015/08/07 12:0 a.m.4 views

UBUNTU-CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...

8.8CVSS6.9AI score0.70226EPSS
Exploits8References5
RedHat Linux
RedHat Linux
added 2009/07/22 12:27 a.m.4 views

Mozilla remote code execution using watch and __defineSetter__ on SVG element

Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an defineSetter function, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via a crafted documen...

10CVSS6.3AI score0.05557EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2009/03/05 12:10 a.m.9 views

Firefox 3 crashes in the JavaScript engine

The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pas...

10CVSS7.8AI score0.05789EPSS
Exploits1References4
Atlassian
Atlassian
added 2008/10/01 3:31 a.m.33 views

Make XWork ParametersInterceptor safe from parameter injection attacks

The XWork ParametersInterceptor is a security nightmare as it gives user input submitted form parameters unfettered access to getter/setter methods on action objects. In addition, the interceptor has been shown in the past to be vulnerable to Unicode attacks. Rather than fight a constant and ofte...

3.1AI score
Exploits0Affected Software1
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.16 views

Cross-site Scripting through global scope pollution — Mozilla

As you browse from site to site each new page should start with a clean slate. shutdown reports a technique that pollutes the global scope of a window in a way that persists from page to page. A malicious script could define a setter function for a variable known to be used by a popular site, and...

6.6AI score
Exploits0References1Affected Software2
Rows per page
Query Builder