17 matches found
EUVD-2007-3640
Malware in sbrugna...
SUSE CVE-2007-3656
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via 1 HTTP 302 redirect controls, 2...
SUSE CVE-2016-1942
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a 1 wyciwyg: URI or 2 resource: URI...
Mozilla Firefox Address Bar Forgery Vulnerability (CNVD-2016-00850)
Mozilla Firefox on Android is an open source web browser for the Android platform. A security vulnerability exists in Mozilla Firefox that allows remote attackers to spoof the contents of the address bar by tricking users into copying the wyciwyg: URI or resource: URI link...
CVE-2016-1942
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a 1 wyciwyg: URI or 2 resource: URI...
CVE-2016-1942
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a 1 wyciwyg: URI or 2 resource: URI...
UBUNTU-CVE-2016-1942
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a 1 wyciwyg: URI or 2 resource: URI...
security flaw
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via 1 HTTP 302 redirect controls, 2...
security flaw
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via 1 HTTP 302 redirect controls, 2...
Mozilla Firefox cache crossite access
wyciwyg:// URL in combination with 302 HTTP response allows to access cached pages...
Unauthorized access to wyciwyg:// documents — Mozilla
Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached wyciwyg documents. It is possible to access wyciwyg:// documents without proper same domain policy checks through the use of HTTP 302 redirects. This enables the attacker to steal sensitive data...
Mozilla Firefox WYCIWYG:// URI绕过缓存区限制漏洞
BUGTRAQ ID: 24831 Mozilla Firefox是一款非常流行的开源WEB浏览器。 Firefox实现的wyciwyg://伪URI资源类型的访问控制存在漏洞,远程攻击者可能利用此漏洞获取Web浏览器相关的敏感信息。 wyciwyg://伪URI资源类型用于整理和引用本地所缓存的页面,但wyciwyg:// URI的访问控制并不充分,用户可通过XMLHttpRequest或IFRAMEd view-source:访问所缓存的文档。尽管仍正确地实现同域策略,但恶意站点可以绕过cookie设置向用户计算机存储任意标记;如果结合HTTP...
CVE-2007-3656
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via 1 HTTP 302 redirect controls, 2...
Design/Logic Flaw
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via 1 HTTP 302 redirect controls, 2...
CVE-2007-3656
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via 1 HTTP 302 redirect controls, 2...
CVE-2007-3656
Mozilla Firefox 1.8.x and earlier versions are affected by CVE-2007-3656 due to not performing a security zone check for wyciwyg URIs. The issue allows a remote attacker to obtain sensitive information, potentially poison the browser cache, and may enable further attack vectors via HTTP 302 redir...
CVE-2007-3656
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via 1 HTTP 302 redirect controls, 2...