Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

69 matches found

SUSE CVE
SUSE CVEadded 2023/02/15 6:14 a.m.2 views

SUSE CVE-2006-3810

Cross-site scripting XSS vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapperwindow.Function construct...

6.8CVSS7.5AI score0.1364EPSS
Exploits0References4
SUSE CVE
SUSE CVEadded 2023/02/15 6:8 a.m.1 views

SUSE CVE-2008-1233

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."...

6.8CVSS9.1AI score0.24819EPSS
Exploits1References5
SUSE CVE
SUSE CVEadded 2023/02/15 6:4 a.m.1 views

SUSE CVE-2009-1309

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

4.3CVSS7.9AI score0.01757EPSS
Exploits0References5
OpenVAS
OpenVASadded 2021/11/11 12:0 a.m.15 views

Mozilla Firefox Security Advisory (MFSA2011-43) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

4.3CVSS9.5AI score0.00312EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2011/12/13 12:0 a.m.27 views

SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5429)

Mozilla Firefox has been updated to version 1.9.2.24 bnc728520 to fix the following security issues : - bmo680880 loadSubScript unwraps XPCNativeWrapper scope parameter. MFSA 2011-46 / CVE-2011-3647 - bmo690225 Potential XSS against sites using Shift-JIS. MFSA 2011-47 / CVE-2011-3648 - bmo674776...

10CVSS8.1AI score0.08708EPSS
Exploits4References31
securityvulns
securityvulnsadded 2011/11/25 12:0 a.m.111 views

Mozilla Foundation Security Advisory 2011-46

Mozilla Foundation Security Advisory 2011-46 Title: loadSubScript unwraps XPCNativeWrapper scope parameter 1.9.2 branch Impact: Critical Announced: November 8, 2011 Reporter: mozbugra4 Products: Firefox, Thunderbird Fixed in: Firefox 3.6.24 Thunderbird 3.1.16 Description Mozilla security research...

9.3CVSS0.00769EPSS
Exploits0
securityvulns
securityvulnsadded 2011/10/01 12:0 a.m.67 views

Mozilla Foundation Security Advisory 2011-43

Mozilla Foundation Security Advisory 2011-43 Title: loadSubScript unwraps XPCNativeWrapper scope parameter Impact: Critical Announced: September 27, 2011 Reporter: David Rees Products: Firefox, SeaMonkey Fixed in: Firefox 7.0 SeaMonkey 2.4 Description David Rees reported that the JSSubScriptLoade...

4.3CVSS0.1AI score0.00312EPSS
Exploits0
Mozilla
Mozillaadded 2011/09/27 12:0 a.m.54 views

loadSubScript unwraps XPCNativeWrapper scope parameter — Mozilla

David Rees reported that the JSSubScriptLoader a feature used by some add-ons was "unwrapping" XPCNativeWrappers when they were used as the scope parameter to loadSubScript. Without the protection of the wrappers the add-on could be vulnerable to privilege escalation attacks from malicious web...

4.3CVSS1.6AI score0.00312EPSS
Exploits0References2Affected Software2
Tenable Nessus
Tenable Nessusadded 2009/07/28 12:0 a.m.32 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-1135)

The MozillaFirefox 3.0.12 release fixes various bugs and some critical security issues. MFSA 2009-34 / CVE-2009-2462 / CVE-2009-2463 / CVE-2009-2464 / CVE-2009-2465 / CVE-2009-2466: Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in...

10CVSS7.6AI score0.17716EPSS
Exploits4References11
Prion
Prionadded 2009/07/22 6:30 p.m.17 views

Design/Logic Flaw

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper...

10CVSS7.2AI score0.02113EPSS
Exploits1References13Affected Software1
UbuntuCve
UbuntuCveadded 2009/07/22 6:30 p.m.20 views

CVE-2009-2471

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper...

10CVSS5.9AI score0.02113EPSS
Exploits1References1
NVD
NVDadded 2009/07/22 6:30 p.m.13 views

CVE-2009-2471

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper...

10CVSS6.8AI score0.02113EPSS
Exploits1References13
CVE
CVEadded 2009/07/22 6:0 p.m.77 views

CVE-2009-2471

CVE-2009-2471 affects Mozilla Firefox before 3.0.12. The flaw in the setTimeout handling fails to preserve object wrapping, enabling remote attackers to run arbitrary JavaScript with chrome privileges via a crafted call (XPCNativeWrapper related). Affected product often cited with Firefox before ...

10CVSS9.2AI score0.02113EPSS
Exploits1References13Affected Software1
Cvelist
Cvelistadded 2009/07/22 6:0 p.m.18 views

CVE-2009-2471

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper...

9.3AI score0.02113EPSS
Exploits1References13
RedHat Linux
RedHat Linuxadded 2009/07/22 12:27 a.m.0 views

Mozilla setTimeout loses XPCNativeWrappers

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper...

10CVSS6.1AI score0.02113EPSS
Exploits1References4
Mozilla
Mozillaadded 2009/07/21 12:0 a.m.27 views

setTimeout loses XPCNativeWrappers — Mozilla

Mozilla developer Blake Kaplan reported that setTimeout, when called with certain object parameters which should be protected with a XPCNativeWrapper, will fail to keep the object wrapped when compiling the new function to be executed. If chrome privileged code were to call setTimeout using this ...

10CVSS3.6AI score0.02113EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linuxadded 2009/06/25 3:7 p.m.4 views

Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

4.3CVSS7.3AI score0.01757EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2009/06/25 2:54 p.m.0 views

Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

4.3CVSS7.3AI score0.01757EPSS
Exploits0References4
securityvulns
securityvulnsadded 2009/04/23 12:0 a.m.99 views

Mozilla Foundation Security Advisory 2009-19

Mozilla Foundation Security Advisory 2009-19 Title: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString Impact: High Announced: April 21, 2009 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Mozilla security researcher mozbugra4...

4.3CVSS0.1AI score0.01757EPSS
Exploits0
Prion
Prionadded 2009/04/22 6:30 p.m.23 views

Cross site scripting

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

4.3CVSS6.1AI score0.01757EPSS
Exploits0References31Affected Software1
Rows per page
Query Builder