CVE-2013-0773

The Chrome Object Wrapper COW and System Only Wrapper SOW implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote...

CVE-2013-0773

The Chrome Object Wrapper COW and System Only Wrapper SOW implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote...

CVE-2013-0773

CVE-2013-0773 corresponds to a vulnerability in the Chrome Object Wrapper (COW) and System Only Wrapper (SOW) security wrappers in Mozilla-based products. The issue allowed modifications to a prototype, enabling a non-specified remote site to access chrome objects or potentially execute JavaScrip...

CVE-2013-0773

The Chrome Object Wrapper COW and System Only Wrapper SOW implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote...

CVE-2013-0265

The redirectstderr function in xnbdcommon.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log...

Design/Logic Flaw

The redirectstderr function in xnbdcommon.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log...

UBUNTU-CVE-2013-0265

The redirectstderr function in xnbdcommon.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log...

CVE-2013-0265

The CVE concerns xNBD 0.1.0 (xnbd-server and xNBD wrapper); the redirect_stderr function in xnbd_common.c allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log. Affected components are the xnbd-server/xndb-wrapper with the cited version. Impact is defined as l...

CVE-2013-0265

Removed by vendor...

SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6440)

PHP5 was updated with incremental fixes to the previous update. - Additional unsafe cgi wrapper scripts are also fixed now. CVE-2012-2335 - Even more commandline option handling is filtered, which could lead to crashes of the php interpreter. CVE-2012-2336 - heap-based buffer overflow in php's ph...

SuSE 11.1 Security Update : PHP5 (SAT Patch Number 6316)

PHP5 was updated with incremental fixes to the previous update : - Additional unsafe cgi wrapper scripts are also fixed now. CVE-2012-2335 - Even more commandline option handling is filtered, which could lead to crashes of the php interpreter. CVE-2012-2336 %NASLMINLEVEL 70300 C Tenable Network...

SuSE 11.1 / 11.2 Security Update : zypper (SAT Patch Numbers 6527 / 6528)

The following issue has been fixed : - The zypper setuid wrapper linked against libzypp. This is not needed and added unnecessary attack vectors. CVE-2012-0420 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

CVE-2013-0757

The Chrome Object Wrapper COW implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to...

Design/Logic Flaw

The Chrome Object Wrapper COW implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to...

CVE-2013-0757

The Chrome Object Wrapper COW implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to...

Mozilla: Chrome Object Wrapper (COW) bypass through plugin objects (MFSA 2013-15)

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging...

Mozilla: Chrome Object Wrapper (COW) bypass through plugin objects (MFSA 2013-15)

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging...

Chrome Object Wrapper (COW) bypass through changing prototype — Mozilla

Security researcher Mariusz Mlynski reported that it is possible to change the prototype of an object and bypass Chrome Object Wrappers COW to gain access to chrome privileged functions. This could allow for arbitrary code execution...

local file access in `Client:send` via manipulation of `$protocol` argument

security fix: hardened the Client::send method against misuse of the $method argument issue 81. Abusing its value, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakne...

Mozilla Firefox Multiple Vulnerabilities - November12 (Windows)

This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvulnnov12win.nasl 5956 2017-04-14 09:02:12Z teissa $ Mozilla Firefox Multiple Vulnerabilities - November12 Windows Authors: Rachana Shetty Copyright: Copyright c...