FreeBSD : mozilla -- multiple vulnerabilities (29f5bfc5-ce04-11dd-a721-0030843d3802)

The Mozilla Foundation reports : MFSA 2008-69 XSS vulnerabilities in SessionStore MFSA 2008-68 XSS and JavaScript privilege escalation MFSA 2008-67 Escaped null characters ignored by CSS parser MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters MFSA 2008-65 Cross-doma...

openSUSE 10 Security Update : seamonkey (seamonkey-5880)

The Mozilla SeaMonkey browser suite was updated to version 1.1.14. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the...

USN-690-3: Firefox vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Firefox could be bypassed by utilizing XBL-bindings. An...

USN-690-2: Firefox vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Firefox could be bypassed by utilizing XBL-bindings. An...

Mozilla Foundation Security Advisory 2008-64

Mozilla Foundation Security Advisory 2008-64 Title: XMLHttpRequest 302 response disclosure Impact: Moderate Announced: December 16, 2008 Reporter: Marius Schilder Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.5 Firefox 2.0.0.19 Thunderbird 2.0.0.19 SeaMonkey 1.1.14 Description...

USN-690-1: Firefox and xulrunner vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2008-5500, CVE-2008-5501, CVE-2008-5502 It was discovered that Firefox did not properly handle persistent cookie data. If ...

Design/Logic Flaw

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...

CVE-2008-5506

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...

CVE-2008-5506

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...

CVE-2008-5506

CVE-2008-5506 affects Mozilla components (e.g., Firefox/Thunderbird/SeaMonkey) where an XMLHttpRequest to an attacker-controlled resource that performs a 302 redirect to a different domain can bypass same-origin policy, allowing reading of the redirected response. This can enable a remote attacke...

CVE-2008-5506

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...

SeaMonkey < 1.1.14 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 1.1.14. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. MFSA 2008-60 - XBL bindings can be used to rea...

XMLHttpRequest 302 response disclosure — Mozilla

Marius Schilder of Google Security reported that when a XMLHttpRequest is made to a same-origin resource which 302 redirects to a resource in a different domain, the response from the cross-domain resource is readable by the site issuing the XHR. Cookies marked HttpOnly were not readable, but oth...

Discuz! 6.1 xss2webshell Exploit-vulnerability warning-the black bar safety net

/ Discuz! 6.1 xss2webshellSODB-2 0 0 8-1 0 Exploit by 80vul-A team: http://www.80vul.com / //Target url var siteurl='http://www.80vul.com/Discuz6.1.0/'; var request = false; ifwindow. XMLHttpRequest request = new XMLHttpRequest; ifrequest. overrideMimeType request. overrideMimeType'text/xml'; els...

vBulletin 3.7.3 Visitor Message XSS/XSRF + worm Exploit

No description provided by source. / ----------------------------- Author = Mx Title = vBulletin 3.7.3 Visitor Messages XSS/XSRF + worm Software = vBulletin Addon = Visitor Messages Version = 3.7.3 Attack = XSS/XSRF - Description = A critical vulnerability exists in the new vBulletin 3.7.3 softwa...

vBulletin 3.7.3 Visitor Message XSS/XSRF + worm Exploit

Exploit for unknown platform in category web applications ======================================================= vBulletin 3.7.3 Visitor Message XSS/XSRF + worm Exploit ======================================================= / ----------------------------- Author = Mx Title = vBulletin 3.7.3...

Mozilla Foundation Security Advisory 2008-56

Mozilla Foundation Security Advisory 2008-56 Title: nsXMLHttpRequest::NotifyEventListeners same-origin violation Impact: High Announced: November 12, 2008 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.4 Firefox 2.0.0.18 Thunderbird 2.0.0.18 SeaMonkey 1.1.13...

webshell431-xssxsrf.txt

======================================================================= . .. | | / / | | | | / \ / / /\ / / \ | | | / / \ /\ \| | / // / /\ \ / / / // http://www.lowsec.org ========================================================================...

Pligg Auto-Voter Using XSS to Bypass CSRF Protection

Explanation: Pligg Suffers from a Reflective Cross Site Scripting vulnerability in index.php. For the $GET'category' variable. Exploit code was written that uses this flaw to bypass the CSRF protection to then vote on any pligg article of the attackers choosing. I took inspiration from the Myspac...

Cross site scripting

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via vectors involving 1 an event handler attached to an outer window, 2 a SCRIPT element in an unloaded document, or 3 the...