15 matches found
Cross-Site Scripting (XSS)
mayan-edms is vulnerable to cross-site scripting (XSS) attacks. The window.location.hash value is passed directly to window.location which allows an attacker to execute arbitrary JavaScript code on a victim's browser...
Cross site scripting
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS...
Mozilla Firefox ESR Multiple Vulnerabilities - November12 (Windows)
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxesrmultvulnnov12win.nasl 6104 2017-05-11 09:03:48Z teissa $ Mozilla Firefox ESR Multiple Vulnerabilities - November12 Windows Authors: Arun Kallavi Copyright:...
Mozilla Seamonkey Multiple Vulnerabilities - November12 (Mac OS X)
This host is installed with Mozilla Seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaseamonkeymultvulnnov12macosx.nasl 6074 2017-05-05 09:03:14Z teissa $ Mozilla Seamonkey Multiple Vulnerabilities - November12 Mac OS X Authors: Arun Kallavi Copyright:...
Firefox 10.x < 10.0.10 Multiple Vulnerabilities
The installed version of Firefox 10.x is potentially affected by the following security issues : - The true value of 'window.location' can be shadowed by user content through the use of the 'valueOf' method, which can be combined with some plugins to perform cross-site scripting attacks...
Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64
A cross-site scripting flaw was found in the way SeaMonkey handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running SeaMonkey. CVE-2007-5947 Several flaws were found in the way SeaMonkey processed...
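Mozilla Firefox 3.6 window.location Object Unauthorized Data Access Vulnerability
CVE ID: CVE-2010-0170 Firefox is a popular open-source web browser. Because a new mechanism was developed to enforce the same-origin policy between windows and frames, the Firefox 3.6 browser engine changed the window.location object into a normal, overridable JavaScript object. However, some plugins also use this object to determine the origin of a page in order to enforce access restrictions, so a malicious web page can override this object to trick a plugin into allowing access to data on other sites or on the local file system. Mozilla Firefox 3.6 Vendor patch: Mozilla ------- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.mozilla.org/...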
Mandriva Update for konqueror MDKSA-2007:176 (konqueror)
Check for the Version of konqueror OpenVAS Vulnerability Test Mandriva Update for konqueror MDKSA-2007:176 konqueror Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
Debian Security Advisory DSA 1425-1 (xulrunner)
The remote host is missing an update to xulrunner announced via advisory DSA 1425-1. OpenVAS Vulnerability Test $Id: deb14251.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1425-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Mozilla Firefox, SeaMonkey: Multiple vulnerabilities
Background: Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey is a free, cross-platform Internet suite. Description: Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and Seamonkey does not properly check MIME types (CVE-2007-5947)...
Debian DSA-1424-1 : iceweasel - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5947 Jesse Ruderman and Petko D. Petkov discovered that the URI handler fo...
Debian DSA-1425-1 : xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5947 Jesse Ruderman and Petko D. Petkov discovered that the URI handler for JAR archives...
Referer-spoofing via window.location race condition — Mozilla
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as...
CVE-2007-4224
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property...
Apple Safari cross-site scripting
window.setTimeout works in context of changed window.location...