22 matches found
SUSE CVE-2009-3988
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted...
Description of the security update for SharePoint Foundation 2013: May 11, 2021 (KB5001935)
Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability, information disclosure vulnerability, and spoofing vulnerability, and Microsoft SharePoint remote code...
WebKit - Universal XSS Using Cached Pages
VULNERABILITY DETAILS void FrameLoader::detachChildren ... SubframeLoadingDisabler subframeLoadingDisablermframe.document; // 1 Vector, 16 childrenToDetach; childrenToDetach.reserveInitialCapacitymframe.tree.childCount; for Frame child =...
WebKit - Universal XSS Using Cached Pages
VULNERABILITY DETAILS void FrameLoader::detachChildren ... SubframeLoadingDisabler subframeLoadingDisablermframe.document; // 1 Vector, 16 childrenToDetach; childrenToDetach.reserveInitialCapacitymframe.tree.childCount; for Frame child = mframe.tree.lastChild; child; child =...
WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads
BACKGROUND: As lokihardt@ has demonstrated in https://bugs.chromium.org/p/project-zero/issues/detail?id=1121, WebKit's support of the obsolete showModalDialog method gives an attacker the ability to perform synchronous...
WebKit CachedFrameBase::restore Universal Cross Site Scripting
WebKit: UXSS via CachedFrameBase::restore. This is similar to the case https://bugs.chromium.org/p/project-zero/issues/detail?id=1151. But this time, JavaScript handlers may be fired in FrameLoader::open. void FrameLoader::open(CachedFrameBase& cachedFrame) ... clear(document, true, true,...
WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting
view-frame.page; frame.tree.appendChildchildFrame-view-frame; childFrame-open; enqueuePageshowEventPageshowEventPersisted; HistoryItem historyItem = frame.loader.history.currentItem; if historyItem && historyItem-stateObject mdocument-enqueuePopstateEventhistoryItem-stateObject;...
WebKit Synchronous Page Load UXSS
WebKit: UXSS via a synchronous page load (CVE-2017-2480). Here's a snippet of the method SubframeLoader::requestFrame which is invoked when the |src| of an iframe object is changed. bool SubframeLoader::requestFrame(HTMLFrameOwnerElement& ownerElement, const String& urlString, const AtomicString&...
Microsoft Internet Explorer 5 Dialog Same Origin Policy Bypass Variant Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5561/info Microsoft Internet Explorer includes support for dialog windows through script calls to the two functions showModalDialog and showModelessDialog. These functions accept a URL location for the dialog content, and...
MS14-010 CVE-2014-0293 Technical Details and Code (I changed the web permanently)
Origin: Visit http://technet.microsoft.com/en-us/security/bulletin/ms14-010 Check "Acknowledgments" for "CVE-2014-0293". It says "Dieyu" and links to my website http://dieyu.org/ Technical Details: showModalDialog to keep script running, HTTP redirecting to target domain. Then script will run in...
Mozilla Products Multiple Vulnerabilities feb-10 (Windows)
The host is installed with Mozilla Firefox/Seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillaprdtsmultvulnfeb10win01.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Multiple Vulnerabilities feb-10 Windows Authors: Antu Sanadi Copyright:...
ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-019 February 19, 2010 -- CVE ID: CVE-2009-3988 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 3.0.x -- TippingPoint™ IPS Customer...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)
Mozilla Firefox was upgraded to version 3.0.18, fixing various bugs and security issues. The following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products...
openSUSE Security Update : seamonkey (seamonkey-2013)
Mozilla SeaMonkey was upgraded to version 2.0.3, fixing various bugs and security issues. The following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products...
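Firefox showModalDialog() Method Cross-Domain Script Execution Vulnerability
CVE ID: CVE-2009-3988 Firefox is a popular open-source web browser. Firefox's implementation of the same-origin policy contains a vulnerability: a remote attacker may be able to bypass permission restrictions by using the showModalDialog JavaScript method and obtain information from other web pages being browsed. Exploiting this vulnerability requires some user interaction. Mozilla Firefox 3.0.x Vendor patch: Mozilla ------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.mozilla.org/security/announce/2010/mfsa2010-04.html...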
Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability
This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the lack of cross doma...
Mozilla violation of same-origin policy due to properties set on objects passed to showModalDialog (MFSA 2010-04)
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted...
XSS due to window.dialogArguments being readable cross-domain — Mozilla
Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and...
Simple research on the latest MediaPlayer+IE6 vulnerability - vulnerability warning - the black bar safety net
This vulnerability only affects IE6.0 and above versions, because starting with IE6 the browser supports JavaScript like the following: window.open("http://ip/","media"); The main problem lies here. All of the following code was tested successfully in an XP+WMP8.0+IE6.0 1+IIS6.0 environment. Wherein xp and IE by...
CVE-2004-1173
Internet Explorer 6 contains a vulnerability where remote attackers can bypass the popup blocker using DOM methods in the DHTML Editing Component (DEC) and showModalDialog calls. Root cause: the DHTML Editing Component/DEC enables a bypass via its DOM API. Impact described as bypassing the popup ...