EUVD-2011-2359

Malware in sbrugna...

SUSE CVE-2004-0762

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box...

SUSE CVE-2004-0906

The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code...

Ubuntu: Security Advisory (USN-124-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox Security Bypass Vulnerability July-11 (Windows)

The host is installed with Mozilla Firefox and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbmozillafirefoxsecbypassvulnwinjul11.nasl 7029 2017-08-31 11:51:40Z teissa $ Mozilla Firefox Security Bypass Vulnerability July-11 Windows Authors: Sooraj KS Copyright:...

CVE-2011-2370

Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a 1 add-on or 2 theme via unspecified vectors...

Design/Logic Flaw

Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a 1 add-on or 2 theme via unspecified vectors...

CVE-2011-2370

CVE-2011-2370 is associated with Mozilla Firefox prior to 5.0, where the xpinstall whitelist is not properly enforced. This can allow a remote attacker to trigger an installation dialog for an add-on or a theme via unspecified vectors. The connected documents confirm the vulnerability reference b...

CVE-2011-2370

Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a 1 add-on or 2 theme via unspecified vectors...

CVE-2011-2370

Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a 1 add-on or 2 theme via unspecified vectors...

CentOS 4 : mozilla (CESA-2005:386)

Updated mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Vladimir V...

Ubuntu 5.04 : mozilla-firefox, mozilla vulnerabilities (USN-124-1)

When a popup is blocked the user is given the ability to open that popup through the popup-blocking status bar icon and, in Firefox, through the information bar. Doron Rosenberg noticed that popups which are permitted by the user were executed with elevated privileges, which could be abused to...

thunderbird security update

CentOS Errata and Security Advisory CESA-2005:601 Updated thunderbird package that fixes various bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and...

Fedora Core 4 : thunderbird-1.0.6-1.1.fc4 (2005-606)

Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird handled anonymous functions during regular expression string replacement. It is possible for a malicious HTML mail to capture a random block of client memory. The Common Vulnerabilities and...

USN-124-1: Mozilla and Firefox vulnerabilities

When a popup is blocked the user is given the ability to open that popup through the popup-blocking status bar icon and, in Firefox, through the information bar. Doron Rosenberg noticed that popups which are permitted by the user were executed with elevated privileges, which could be abused to...

Mozilla Firefox executes JavaScript in the "IconURL" parameter of "InstallTrigger.install()" with chrome privileges

Overview Mozilla Firefox may execute JavaScript contained within the IconURL parameter of InstallTrigger.install with chrome privileges. This may allow an attacker to execute arbitrary commands on a vulnerable system. Description XPInstallXPInstall is a cross-platform software installation method...

Important: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Vladimir V. Perepelitsa discovered a bug in the way Firefox handles...

Missing Install object instance checks — Mozilla

The native implementations of InstallTrigger and other XPInstall-related javascript objects did not properly validate that they were called on instances of the correct type. By passing other objects, even raw numbers, the javascript interpreter would jump to the wrong place in memory. Although no...

CVE-2004-0906

CVE-2004-0906 is supported by multiple feeds: Mozilla’s XPInstall installer in Firefox (pre-Preview Release), Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure file permissions for files inside XPI packages. This can let a local user overwrite arbitrary files or execute code. Connect...

CVE-2004-0762

CVE-2004-0762 affects Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7. An attacker could lure a remote web site to trigger interaction events to manipulate the XPInstall Security dialog, allowing installation of arbitrary extensions. The vulnerability is documented with a high ...