EUVD-2011-3607

Malware in sbrugna...

Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird2)

The remote Solaris system is missing necessary patches to address security updates : - Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via...

CVE-2013-3166

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS Character Encoding...

CVE-2013-0015

Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different 1 domain or 2 zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding...

Ubuntu Update for thunderbird USN-1254-1

Ubuntu Update for Linux kernel vulnerabilities USN-1254-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12541.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for thunderbird USN-1254-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net...

Ubuntu 11.04 / 11.10 : firefox vulnerabilities (USN-1277-1)

Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this fl...

Ubuntu Update for mozvoikko USN-1277-2

Ubuntu Update for Linux kernel vulnerabilities USN-1277-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN12772.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for mozvoikko USN-1277-2 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net Th...

Mozilla Products XSS and Memory Corruption Vulnerabilities - Windows

Mozilla Firefox/Thunderbird is prone to cross site scripting and memory corruption vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Mozilla Products XSS and Memory Corruption Vulnerabilities (Windows)

The host is installed with Mozilla firefox/thunderbird and is prone to cross site scripting and memory corruption vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsxssnmemcrptnvulnwin.nasl 7006 2017-08-25 11:51:20Z teissa $ Mozilla Products XSS and Memory Corruption Vulnerabilities...

CVE-2011-3648

Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding...

Cross site scripting

Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding...

CVE-2011-3648

Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding...

CVE-2011-3648

CVE-2011-3648 is an XSS vulnerability in Mozilla Firefox prior to 3.6.24 and 4.x through 7.0 and in Thunderbird prior to 3.1.6 and 5.0 through 7.0. It allows remote attackers to inject arbitrary web script or HTML via crafted text encoded in Shift_JIS. Affected products include Firefox and Thunde...

Firefox < 8.0 Multiple Vulnerabilities

The installed version of Firefox is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in 'Shift-JIS' encoding and can allow cross-site scripting attacks. CVE-2011-3648 - The addition of the 'Azure' graphics...

Thunderbird 3.1 < 3.1.16 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird 3.1 is earlier than 3.1.16. Such versions are potentially affected by the following security issues : - There is an error within the JSSubScriptLoader that incorrectly unwraps 'XPCNativeWrappers'. By tricking a user into installing a malicious plug-in, an...

Mozilla Thunderbird 3.1.x < 3.1.16 Multiple Vulnerabilities

The installed version of Thunderbird 3.1.x is earlier than 3.1.16 and is potentially affected by the following vulnerabilities: - There is an error within the JSSubScriptLoader that incorrectly unwraps 'XPCNativeWrappers'. By tricking a user into installing a malicious plug-in, an attacker could...

Thunderbird 7.x Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird 7.x is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in 'Shift-JIS' encoding, which can allow cross-site scripting attacks. CVE-2011-3648 - Profiling JavaScript files with many functions can cause...

Mozilla: Universal XSS likely with MultiByte charset (MFSA 2011-47)

Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding...

Mozilla: Universal XSS likely with MultiByte charset (MFSA 2011-47)

Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding...

Internet Explorer vulnerable to cross-site scripting

Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP or ShiftJIS encoded characters, which may result in cross-site...