Lucene search
K

5401 matches found

OpenVAS
OpenVAS
added 2012/05/02 12:0 a.m.22 views

Mozilla Products Security Bypass Vulnerability (May 2012) - Windows

Mozilla Firefox/Thunderbird/Seamonkey is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

2.6CVSS9.5AI score0.01858EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2012/04/27 12:0 a.m.832 views

Firefox < 12.0 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 12.0 and thus, is potentially affected by the following security issues : - An error exists with handling JavaScript errors that can lead to information disclosure. CVE-2011-1187 - An off-by-one error exists in the 'OpenType Sanitizer' which can le...

10CVSS7.5AI score0.10098EPSS
Exploits3References25
NVD
NVD
added 2012/04/25 10:10 a.m.14 views

CVE-2012-0475

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site 1 XMLHttpRequest or 2 WebSocket operation involvin...

2.6CVSS6.2AI score0.01858EPSS
Exploits0References8
Prion
Prion
added 2012/04/25 10:10 a.m.20 views

Cross site scripting

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site 1 XMLHttpRequest or 2 WebSocket operation involvin...

2.6CVSS6.8AI score0.01858EPSS
Exploits0References8Affected Software3
Cvelist
Cvelist
added 2012/04/25 10:0 a.m.20 views

CVE-2012-0475

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site 1 XMLHttpRequest or 2 WebSocket operation involvin...

9.2AI score0.01858EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2012/04/25 12:0 a.m.18 views

CVE-2012-0475

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site 1 XMLHttpRequest or 2 WebSocket operation involvin...

2.6CVSS7.2AI score0.01858EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/04/23 4:52 p.m.4 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
Check Point Advisories
Check Point Advisories
added 2012/04/02 12:0 a.m.1 views

WebSocket Traffic Over HTTP port

WebSocket allows bi-directional, full-duplex single socket connection between client and server...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2012/02/29 2:46 p.m.4 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2012/01/09 8:3 p.m.2 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
UbuntuCve
UbuntuCve
added 2011/11/16 12:0 a.m.49 views

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.8AI score0.73327EPSS
Exploits4References3
RedHat Linux
RedHat Linux
added 2011/10/19 5:17 p.m.3 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2011/10/18 11:19 p.m.4 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
OSV
OSV
added 2011/09/06 7:55 p.m.3 views

DEBIAN-CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS8.4AI score0.73327EPSS
Exploits4References1
Debian CVE
Debian CVE
added 2011/09/06 7:0 p.m.71 views

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS7.2AI score0.73327EPSS
Exploits4
Cvelist
Cvelist
added 2011/09/06 7:0 p.m.41 views

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

6.4AI score0.73327EPSS
Exploits4References89
RubySec
RubySec
added 2011/08/31 12:0 a.m.45 views

CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

7AI score0.73327EPSS
Exploits4References1Affected Software1
NVD
NVD
added 2010/12/22 3:0 a.m.19 views

CVE-2010-4586

The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508...

10CVSS7.7AI score0.02047EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2010/12/09 8:0 p.m.23 views

CVE-2010-4508

The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification...

10CVSS5.9AI score0.01299EPSS
Exploits0References1
Cvelist
Cvelist
added 2010/12/09 7:0 p.m.25 views

CVE-2010-4508

The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification...

9.4AI score0.01299EPSS
Exploits0References4
Rows per page
Query Builder