Lucene search
+L

37 matches found

Mozilla
Mozilla
added 2012/01/31 12:0 a.m.50 views

Frame scripts calling into untrusted objects bypass security checks — Mozilla

Mozilla security researcher mozbugra4 reported that frame scripts bypass XPConnect security checks when calling untrusted objects. This allows for cross-site scripting XSS attacks through web pages and Firefox extensions. The fix enables the Script Security Manager SSM to force security checks on...

4.3CVSS0.9AI score0.01601EPSS
Exploits0References2Affected Software3
Check Point Advisories
Check Point Advisories
added 2009/09/30 12:0 a.m.14 views

Mozilla Firefox XPCOM Plugin Access Control (CVE-2005-0527)

Mozilla Firefox is a popular web-browser available for many platforms. Firefox implements a cross-platform component architecture called XPCOM Cross-Platform Component Object Model that allows for the development of modular software such as browser plug-ins. These objects can be invoked through...

5.1CVSS7.3AI score0.07322EPSS
Exploits1
OpenVAS
OpenVAS
added 2009/06/16 12:0 a.m.40 views

Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux)

The host is installed with Seamonkey, which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbseamonkeymultvulnjun09lin.nasl 4869 2016-12-29 11:01:45Z teissa $ Mozilla Seamonkey Multiple Vulnerabilities Jun-09 Linux Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone...

9.3CVSS0.7AI score0.09282EPSS
Exploits7References8
RedHat Linux
RedHat Linux
added 2008/10/01 3:33 p.m.7 views

Mozilla privilege escalation via XPCnativeWrapper pollution

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...

7.5CVSS6.2AI score0.04996EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/10/01 3:33 p.m.12 views

Mozilla privilege escalation via XPCnativeWrapper pollution

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...

7.5CVSS7.7AI score0.05077EPSS
Exploits1References4
NVD
NVD
added 2008/09/24 8:37 p.m.16 views

CVE-2008-4058

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...

7.5CVSS7.3AI score0.05077EPSS
Exploits1References52
NVD
NVD
added 2008/09/24 8:37 p.m.16 views

CVE-2008-4059

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...

7.5CVSS7.2AI score0.04996EPSS
Exploits1References44
Prion
Prion
added 2008/09/24 8:37 p.m.18 views

Code injection

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...

7.5CVSS7.4AI score0.04996EPSS
Exploits1References44Affected Software1
Prion
Prion
added 2008/09/24 8:37 p.m.23 views

Code injection

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...

7.5CVSS7.5AI score0.05077EPSS
Exploits1References52Affected Software5
Cvelist
Cvelist
added 2008/09/24 6:0 p.m.27 views

CVE-2008-4059

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...

9.6AI score0.04996EPSS
Exploits1References44
Cvelist
Cvelist
added 2008/09/24 6:0 p.m.24 views

CVE-2008-4058

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...

9.7AI score0.05077EPSS
Exploits1References52
CVE
CVE
added 2008/09/24 6:0 p.m.290 views

CVE-2008-4059

CVE-2008-4059 affects the XPConnect component in Mozilla Firefox prior to 2.0.0.17, allowing a remote attacker to pollute XPCNativeWrappers and execute arbitrary code with chrome privileges via SCRIPT element vectors. The Ubuntu USN-645-2 advisory documents this CVE among Firefox/XULRunner-relate...

7.5CVSS9.6AI score0.04996EPSS
Exploits1References44Affected Software1
CVE
CVE
added 2008/09/24 6:0 p.m.93 views

CVE-2008-4058

CVE-2008-4058 affects Mozilla-based products (Firefox, SeaMonkey, Thunderbird) where XPConnect could be abused to pollute XPCNativeWrappers via chrome XBL/chrome JS, enabling remote arbitrary-code execution with chrome privileges. Publicly documented affected ranges include Firefox before 2.0.0.1...

7.5CVSS9.8AI score0.05077EPSS
Exploits1References52Affected Software3
RedHat Linux
RedHat Linux
added 2008/09/24 2:4 a.m.7 views

Mozilla privilege escalation via XPCnativeWrapper pollution

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...

7.5CVSS6.2AI score0.04996EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/09/24 2:4 a.m.5 views

Mozilla privilege escalation via XPCnativeWrapper pollution

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...

7.5CVSS7.7AI score0.05077EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2008/09/24 12:0 a.m.45 views

CVE-2008-4059

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...

7.5CVSS6.1AI score0.04996EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2006/07/27 7:53 p.m.5 views

security flaw

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context...

7.5CVSS7.5AI score0.03036EPSS
Exploits0References4
Rows per page
Query Builder