37 matches found
Frame scripts calling into untrusted objects bypass security checks — Mozilla
Mozilla security researcher mozbugra4 reported that frame scripts bypass XPConnect security checks when calling untrusted objects. This allows for cross-site scripting XSS attacks through web pages and Firefox extensions. The fix enables the Script Security Manager SSM to force security checks on...
Mozilla Firefox XPCOM Plugin Access Control (CVE-2005-0527)
Mozilla Firefox is a popular web-browser available for many platforms. Firefox implements a cross-platform component architecture called XPCOM Cross-Platform Component Object Model that allows for the development of modular software such as browser plug-ins. These objects can be invoked through...
Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux)
The host is installed with Seamonkey, which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbseamonkeymultvulnjun09lin.nasl 4869 2016-12-29 11:01:45Z teissa $ Mozilla Seamonkey Multiple Vulnerabilities Jun-09 Linux Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone...
Mozilla privilege escalation via XPCnativeWrapper pollution
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...
Mozilla privilege escalation via XPCnativeWrapper pollution
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...
CVE-2008-4058
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...
CVE-2008-4059
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...
Code injection
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...
Code injection
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...
CVE-2008-4059
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...
CVE-2008-4058
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...
CVE-2008-4059
CVE-2008-4059 affects the XPConnect component in Mozilla Firefox prior to 2.0.0.17, allowing a remote attacker to pollute XPCNativeWrappers and execute arbitrary code with chrome privileges via SCRIPT element vectors. The Ubuntu USN-645-2 advisory documents this CVE among Firefox/XULRunner-relate...
CVE-2008-4058
CVE-2008-4058 affects Mozilla-based products (Firefox, SeaMonkey, Thunderbird) where XPConnect could be abused to pollute XPCNativeWrappers via chrome XBL/chrome JS, enabling remote arbitrary-code execution with chrome privileges. Publicly documented affected ranges include Firefox before 2.0.0.1...
Mozilla privilege escalation via XPCnativeWrapper pollution
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...
Mozilla privilege escalation via XPCnativeWrapper pollution
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...
CVE-2008-4059
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...
security flaw
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context...