XMLDocument::load() doesn't check nsIContentPolicy — Mozilla

Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons...

Mozilla Foundation Security Advisory 2008-03

Mozilla Foundation Security Advisory 2008-03 Title: Privilege escalation, XSS, Remote Code Execution Impact: Critical Announced: February 7, 2008 Reporter: mozbugra4, Boris Zbarsky Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 Thunderbird 2.0.0.12 SeaMonkey 1.1.8 Descriptio...

Cross site scripting

Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting XSS attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation...

Mozilla arbitrary code execution

Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting XSS attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation...

WordPress Core 2.2 - 'xmlrpc.php' SQL Injection

/ El error, bastante tonto por cierto, se encuentra en la función wpsuggestCategories, en el archivo xmlrpc.php: function wpsuggestCategories$args global $wpdb; $this-escape$args; $blogid = int $args0; $username = $args1; $password = $args2; $category = $args3; $maxresults = $args4;...