61 matches found
setTimeout loses XPCNativeWrappers — Mozilla
Mozilla developer Blake Kaplan reported that setTimeout, when called with certain object parameters which should be protected with an XPCNativeWrapper, will fail to keep the object wrapped when compiling the new function to be executed. If chrome privileged code were to call setTimeout using this ...
CVE-2009-1413
Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context o...
kernel: watchdog: ib700wdt.c - buffer_underflow bug
Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call...
security flaw
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context...
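Mozilla Firefox 2.0.0.4 Multiple Remote Security Vulnerabilities
BUGTRAQ ID: 24946 CVE(CAN) ID: CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738 Mozilla Firefox is a popular open-source web browser. Multiple memory corruption vulnerabilities exist in Firefox's browser engine and JavaScript engine, which may allow an attacker to crash the browser. Vulnerabilities in the addEventListener and setTimeout methods may allow an attacker to break the browser's same-origin policy and inject script into other sites, accessing or modifying those sites' confidential or sensitive data....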
Mozilla Foundation Security Advisory 2007-19
Mozilla Foundation Security Advisory 2007-19 Title: XSS using addEventListener and setTimeout Impact: High Announced: July 17, 2007 Reporter: Products: Firefox Fixed in: Firefox 2.0.0.5 Description Mozilla contributor mozbugra4 demonstrated that the methods addEventListener and setTimeout could b...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context...
CVE-2007-3736
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context...
XSS using addEventListener and setTimeout — Mozilla
Mozilla contributor mozbugra4 demonstrated that the methods addEventListener and setTimeout could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site...
CVE-2007-2391
The CVE-2007-2391 entry describes a cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows. The issue allows an attacker to inject arbitrary script or HTML via a web page containing a Windows.setTimeout function that is activated after the user navigates away from the cur...
Code injection
Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks...
CVE-2006-1726
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method...
Design/Logic Flaw
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method...
Security check of js_ValueToFunctionObject() can be circumvented — Mozilla
The security check in js_ValueToFunctionObject() can be bypassed by clever use of setTimeout and the new Firefox 1.5 array method ForEach. shutdown demonstrated how to leverage this into a privilege escalation vulnerability that would allow the installation of malware...
CVE-2001-1539
CVE-2001-1539 describes a stack consumption vulnerability in Internet Explorer involving the JavaScript setTimeout function. It allows remote attackers to cause a denial of service (crash) via setTimeout. The CVE notes that the vendor could not reproduce the problem. Connected records (CVE and NV...
CVE-2002-0727
The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method...
CVE-2002-0727
The CVE-2002-0727 entry concerns Microsoft Office Web Components (OWC) 2000 and 2002. The Host function is exposed in components marked as safe for scripting, enabling a remote attacker to execute arbitrary commands through the setTimeout method. This defines the vulnerable component/function and...