CVE-2018-9946
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Web Application Penetration Testing Tool: Tracy
Tracy is a pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. tracy should be used during the mapping-the-application phase of the pentest to identify sources of input and their corresponding outputs. tracy...
Foxit Reader setTimeOut Information Disclosure Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of the setTimeOut method, which can be exploited by an attacker to obtain sensitive information or even execute arbitrary code due to a lack of validation before performing ...
Foxit Reader setTimeOut Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...
CVE-2013-6837
The CVE describes a Cross-site Scripting (XSS) vulnerability in the setTimeout function of js/jquery.prettyPhoto.js for prettyPhoto 3.1.4 and earlier. The flaw allows an attacker to inject arbitrary script or HTML via a crafted PATH_INTO to the default URI. Affected component: prettyPhoto (JavaSc...
PT-2013-6145 · Jquery · Prettyphoto
Name of the Vulnerable Software and Affected Versions: prettyPhoto versions 3.1.4 and earlier Description: The issue is related to a cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js. This vulnerability allows remote attackers to inject arbitrary web...
CVE-2010-3886
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory...
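Mozilla Firefox addEventListener and setTimeout Implementation Cross-Site Scripting Vulnerability
BUGTRAQ ID: 38946 CVE(CAN) ID: CVE-2010-0171 Firefox is a popular open-source web browser. A security vulnerability exists in Firefox's addEventListener and setTimeout implementations: by using a wrapped object, a user can bypass the fix provided by MFSA 2007-19 and perform cross-site scripting attacks. Because of changes to the browser engine in Firefox 3.6, attacks against that version are limited to capturing keystroke events from cross-origin frames or windows. Mozilla Firefox 3.6 Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla Thunderbird 3.0...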
Cross site scripting
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeo...
XSS using addEventListener and setTimeout on a wrapped object — Mozilla
Mozilla security researcher mozbugra4 reports that by using an appropriately wrapped object it was possible to bypass the fix for MFSA 2007-19. Prior to Firefox 3.6 this gives an attacker the ability to perform cross-site scripting attacks against arbitrary sites as in the original MFSA 2007-19...
SeaMonkey < 2.0.3 Multiple Vulnerabilities
openSUSE Security Update : MozillaFirefox (MozillaFirefox-1135)
The MozillaFirefox 3.0.12 release fixes various bugs and some critical security issues. MFSA 2009-34 / CVE-2009-2462 / CVE-2009-2463 / CVE-2009-2464 / CVE-2009-2465 / CVE-2009-2466: Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in...
Mozilla Firefox < 3.0.12 Multiple Vulnerabilities
CVE-2009-2471
The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper...
Mozilla setTimeout loses XPCNativeWrappers
The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper...
Firefox < 3.0.12 Multiple Vulnerabilities
The installed version of Firefox is earlier than 3.0.12. Such versions are potentially affected by the following security issues : - Multiple memory corruption vulnerabilities could potentially be exploited to execute arbitrary code. MFSA 2009-34 - It may be possible to crash the browser or...
Mozilla Foundation Security Advisory 2009-39
Mozilla Foundation Security Advisory 2009-39 Title: setTimeout loses XPCNativeWrappers Impact: Critical Announced: July 21, 2009 Reporter: Blake Kaplan Products: Firefox Fixed in: Firefox 3.5 Firefox 3.0.12 Description Mozilla developer Blake Kaplan reported that setTimeout, when called with...