Lucene search
K

67 matches found

Cvelist
Cvelist
added 2015/01/14 11:0 a.m.25 views

CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors...

9.5AI score0.65657EPSS
Exploits4References19
OSV
OSV
added 2015/01/14 12:0 a.m.3 views

UBUNTU-CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors...

7.5CVSS7.2AI score0.65657EPSS
Exploits4References4
UbuntuCve
UbuntuCve
added 2015/01/14 12:0 a.m.38 views

CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors...

7.5CVSS7.2AI score0.65657EPSS
Exploits4References3
Mozilla
Mozilla
added 2015/01/13 12:0 a.m.48 views

XrayWrapper bypass through DOM objects — Mozilla

Mozilla developer Bobby Holley reported that Document Object Model DOM objects with some specific properties can bypass XrayWrappers. This can allow web content to confuse privileged code, potentially enabling privilege escalation...

7.5CVSS9AI score0.65657EPSS
Exploits4References3Affected Software2
NVD
NVD
added 2014/12/11 11:59 a.m.19 views

CVE-2014-8632

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal...

4.3CVSS6.5AI score0.01018EPSS
Exploits0References4
Prion
Prion
added 2014/12/11 11:59 a.m.19 views

Design/Logic Flaw

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal...

4.3CVSS7AI score0.01018EPSS
Exploits0References4Affected Software2
UbuntuCve
UbuntuCve
added 2014/12/11 11:59 a.m.40 views

CVE-2014-8632

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal...

4.3CVSS6.6AI score0.01018EPSS
Exploits0References3
CVE
CVE
added 2014/12/11 11:0 a.m.60 views

CVE-2014-8632

CVE-2014-8632 affects Mozilla Firefox (before 34.0) and SeaMonkey (before 2.31). The issue is in the structured-clone implementation where interactions with XrayWrapper property filtering do not properly enforce restrictions, allowing a remote attacker to bypass intended DOM object restrictions b...

4.3CVSS9.2AI score0.01018EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2014/12/11 11:0 a.m.28 views

CVE-2014-8632

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal...

9.3AI score0.01018EPSS
Exploits0References4
Mageia
Mageia
added 2014/06/11 4:56 p.m.39 views

Updated iceape packages fix multiple vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service memory corruption and...

9.8CVSS9.7AI score0.07543EPSS
Exploits7References11
NVD
NVD
added 2014/04/30 10:49 a.m.16 views

CVE-2014-1526

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped...

6.8CVSS9.1AI score0.01824EPSS
Exploits0References11
Cvelist
Cvelist
added 2014/04/30 10:0 a.m.22 views

CVE-2014-1526

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped...

9.1AI score0.01824EPSS
Exploits0References11
CVE
CVE
added 2014/04/30 10:0 a.m.119 views

CVE-2014-1526

Summary : CVE-2014-1526 affects Mozilla Firefox up to 29.0 (and SeaMonkey up to 2.26). The XrayWrapper implementation could be abused by a user via a crafted site visited in a debugger to bypass access restrictions, causing unwrapping operations and calls to DOM methods on unwrapped objects. This...

6.8CVSS8.9AI score0.01824EPSS
Exploits0References11Affected Software2
UbuntuCve
UbuntuCve
added 2014/04/29 12:0 a.m.25 views

CVE-2014-1526

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped...

6.8CVSS6.8AI score0.01824EPSS
Exploits0References3
OSV
OSV
added 2014/04/29 12:0 a.m.3 views

UBUNTU-CVE-2014-1526

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped...

6.8CVSS6.8AI score0.01824EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2013/08/08 12:0 a.m.51 views

Mozilla Firefox Multiple Vulnerabilities (Aug 2013) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

10CVSS9.8AI score0.40118EPSS
Exploits15References4
OpenVAS
OpenVAS
added 2013/08/08 12:0 a.m.23 views

Mozilla SeaMonkey Multiple Vulnerabilities (Aug 2013) - Windows

Mozilla SeaMonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

10CVSS9.8AI score0.40118EPSS
Exploits14References4
NVD
NVD
added 2013/08/07 1:55 a.m.15 views

CVE-2013-1711

The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting XSS attack...

4.3CVSS5.6AI score0.02158EPSS
Exploits0References3
Cvelist
Cvelist
added 2013/08/07 1:0 a.m.14 views

CVE-2013-1711

The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting XSS attack...

5.4AI score0.02158EPSS
Exploits0References3
CVE
CVE
added 2013/08/07 1:0 a.m.118 views

CVE-2013-1711

CVE-2013-1711 affects Mozilla Firefox (before 23.0) and SeaMonkey (before 2.20); the XrayWrapper implementation fails to properly address an XBL scope bypass caused by non-native arguments in XBL function calls. This bypass can enable remote XSS through access to an unprivileged object, as docume...

4.3CVSS5.5AI score0.02158EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder