Mozilla多个产品不正确XMLHttpRequest调用限制漏洞

CVE ID:CVE-2013-1714 Mozilla Firefox/SeaMonkey/Thunderbird是Mozilla所发布的WEB浏览器/新闻组客户端/邮件客户端 Mozilla Firefox/SeaMonkey/Thunderbird Web Workers实现不正确限制XMLHttpRequest调用，允许远程攻击者利用漏洞绕过同源策略，进行跨站脚本攻击，可获取敏感信息或劫持用户会话 0 Mozilla Firefox 23.0 Mozilla Firefox ESR 17.x Mozilla Thunderbird 17.0.8 Mozilla Thunderbi...

Firefox < 23.0 Multiple Vulnerabilities

The installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701, CVE-2013-1702 - Use-after-free errors exist related to DOM modification when using...

Mozilla SeaMonkey Multiple Vulnerabilities (Aug 2013) - Windows

Mozilla SeaMonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Mozilla Firefox ESR Multiple Vulnerabilities (Aug 2013) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Mozilla Thunderbird ESR Multiple Vulnerabilities (Aug 2013) - Windows

Mozilla Thunderbird ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Firefox ESR 17.x < 17.0.8 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR 17.x is earlier than 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701 - Unspecified errors exist related to HTML frames and history handling,...

Mozilla: Same-origin bypass with web workers and XMLHttpRequest (MFSA 2013-73)

The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy a...

CVE-2013-1714

CVE-2013-1714 concerns Mozilla Firefox and related Mozilla components. The affected products are Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20. Root cause (per the connected MiracleLinux/Nessus entry):...

Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1924-1)

Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of...

Same-origin bypass with web workers and XMLHttpRequest — Mozilla

Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting XSS attacks by web workers...

CVE-2013-1714

The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy a...

Design/Logic Flaw

WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message...

CVE-2013-2203

WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message...

CVE-2013-2203

WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message...

Google Chrome 25.0.1364.152 HTTP Referer Header Faking

Advisory: XMLHttpRequest HTTP Referer Header Faking Author: Liad Mizrachi Vendor URL: http://www.chromium.org/ Vulnerability Status: Fixed Application Version: Google Chrome v25.0.1364.152 ========================== Vulnerability Description ========================== Chromium is the open source...

Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox regression (USN-1890-2)

USN-1890-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in Firefox using the wrong network proxy settings. This update fixes the problem. We apologize for the inconvenience. Multiple memory safety issues were discovered in Firefox. If the user wer...

Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1890-1)

Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking...

CVE-2013-1692

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks...

Mozilla Firefox Multiple Vulnerabilities - June 13 (Windows)

The host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillafirefoxmultvulnjun13win.nasl 6086 2017-05-09 09:03:30Z teissa $ Mozilla Firefox Multiple Vulnerabilities - June 13 Windows Authors: Arun Kallavi Copyright: Copyright c...

Mozilla Thunderbird Multiple Vulnerabilities - June 13 (Windows)

The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillathunderbirdmultvulnjun13win.nasl 6115 2017-05-12 09:03:25Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities - June 13 Windows Authors: Arun Kallavi Copyright:...