Lucene search

58 matches found

Cvelist
added 2018/06/11 9:0 p.m. | 20 views

CVE-2018-5112

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to...

AI score 7.7 | EPSS 0.02012
Exploits 0 | References 5
CVE
added 2018/06/11 9:0 p.m. | 131 views

CVE-2018-5112

CVE-2018-5112 affects Mozilla Firefox prior to version 58. The issue arises because Development Tools panels of an extension may load URLs using relative paths from the extension manifest, but this enforcement was not applied in all cases. The vulnerability could allow a developer tools panel to ...

CVSS 7.5 | AI score 7.6 | EPSS 0.02012
Exploits 0 | References 5 | Affected Software 1
Debian CVE
added 2018/06/11 9:0 p.m. | 24 views

CVE-2018-5112

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to...

CVSS 7.5 | AI score 8.6 | EPSS 0.02012
Exploits 0
NVD
added 2018/03/09 5:29 p.m. | 16 views

CVE-2017-17226

The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specif...

CVSS 6.8 | AI score 5.4 | EPSS 0.0063
Exploits 0 | References 1
Prion
added 2018/03/09 5:29 p.m. | 10 views

Input validation

The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specif...

CVSS 6.8 | AI score 5.5 | EPSS 0.0063
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2018/03/09 5:0 p.m. | 14 views

CVE-2017-17226

The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specif...

AI score 5.4 | EPSS 0.0063
Exploits 0 | References 1
Huawei
added 2018/01/30 12:0 a.m. | 24 views

Security Advisory - Arbitrary URL Loading Vulnerability in TripAdvisor

The TripAdvisor app pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained ...

CVSS 6.8 | AI score 5.5 | EPSS 0.0063
Exploits 0 | Affected Software 1
myhack58
added 2015/04/20 12:0 a.m. | 11 views

Privacy killer: the Flash permissions reflection-vulnerability warning-the black bar safety net

0x00 Preface Always thought the risk has long been valued, but recently accidentally found, there are still many sites the presence of the defects, which are some of the commonly used email, social networking sites, so it is necessary then to explore it again. In fact, this is not what...

AI score 6.6
Exploits 0
NVD
added 2014/04/30 10:49 a.m. | 20 views

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web sit...

CVSS 6.1 | AI score 7 | EPSS 0.01666
Exploits 0 | References 23
Cvelist
added 2014/04/30 10:0 a.m. | 21 views

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web sit...

AI score 7.2 | EPSS 0.01666
Exploits 0 | References 23
Tenable Nessus
added 2013/04/18 12:0 a.m. | 27 views

Fedora 18 : icedtea-web-1.3.2-0.fc18 (2013-5962)

New in release 1.3.2 2013-04-17 : - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin...

CVSS 6.8 | AI score 5.4 | EPSS 0.04323
Exploits 0 | References 2
Prion
added 2012/08/31 7:55 p.m. | 16 views

Buffer overflow

Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."...

CVSS 7.5 | AI score 7.7 | EPSS 0.01911
Exploits 0 | References 6 | Affected Software 2
CVE
added 2012/08/31 7:0 p.m. | 69 views

CVE-2012-2869

CVE-2012-2869 affects Chromium/Chrome up to around version 21.x, where the URL loading path could trigger a stale buffer, potentially enabling a denial of service or other impact. The vulnerability is tied to Chromium’s URL handling in the loader. OpenSUSE/OpenVAS advisories indicate updating Chr...

CVSS 7.5 | AI score 9.3 | EPSS 0.01911
Exploits 0 | References 6 | Affected Software 1
Google Chrome Security Advisories
added 2012/08/30 12:0 a.m. | 35 views

Stable Channel Update

The Stable channel has been updated to 21.0.1180.89 for Linux, Mac, Windows and Chrome Frame This build fixes the following issues: Several Pepper Flash fixes Issue 140577, 144107, 140498, 142479. Microphone issues with tinychat.com Issue: 143192 devtools regression with "save as" of edited sourc...

CVSS 7.5 | AI score 8.2 | EPSS 0.02385
Exploits 0 | Affected Software 1
Prion
added 2011/08/12 6:55 p.m. | 21 views

Cross site scripting

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAXTAB number of tabs to be opened, then loading a URI to the targeted...

CVSS 4.3 | AI score 6.9 | EPSS 0.04611
Exploits 3 | References 15 | Affected Software 1
Exploit DB
added 2011/03/05 12:0 a.m. | 59 views

vTiger CRM 5.0.4 - Local File Inclusion

!/usr/bin/python INFORMATION: Exploit Title: Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit Google Dork: "The honest Open Source CRM" "vtiger CRM 5.0.4" Date: 5/3/2011 CVE: CVE-2009-3249 Windows link: http://bit.ly/fiOYCL Linux link: http://bit.ly/hluzLf Tested on: Windows XP/Linux Ubuntu...

CVSS 7.5 | AI score 6.5 | EPSS 0.09592
Exploits 7
RedHat Linux
added 2006/07/27 7:53 p.m. | 3 views

vulnerabilities: CVE-2006-{3113,3677,3801-3812}

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links...

CVSS 2.6 | AI score 7.4 | EPSS 0.02911
Exploits 0 | References 4
Packet Storm
added 1999/08/17 12:0 a.m. | 51 views

mirc.5.6.autoload.url.txt

Date: Tue, 8 Jun 1999 22:49:35 -0400 From: Rich Lafferty To: [email protected] Subject: mIRC 5.6 automatic URL loading This one stunned me. I triple-checked and tested more than I'd usually test because I can't believe anyone would implement something so ridiculous. Perhaps I'm just optimistic...

AI score 7.4
Exploits 0