67 matches found
CVE-2013-1711
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting XSS attack...
CVE-2013-1697
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with...
Design/Logic Flaw
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with...
CVE-2013-1697
CVE-2013-1697 affects Mozilla Firefox (before 22.0) and related Thunderbird/ESR builds. The XrayWrapper allowed bypassing restrictions on DefaultValue for method calls, enabling remote JavaScript execution with chrome privileges via a crafted site using a user-defined (1) toString or (2) valueOf....
CVE-2013-1697
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with...
Mozilla Thunderbird ESR Multiple Vulnerabilities - June 13 (Mac OS X)
This host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillathunderbirdesrmultvulnjun13macosx.nasl 6104 2017-05-11 09:03:48Z teissa $ Mozilla Thunderbird ESR Multiple Vulnerabilities - June 13 Mac OS X Authors: Arun...
Mozilla Thunderbird Multiple Vulnerabilities - June 13 (Windows)
The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillathunderbirdmultvulnjun13win.nasl 6115 2017-05-12 09:03:25Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities - June 13 Windows Authors: Arun Kallavi Copyright:...
Mozilla Thunderbird Multiple Vulnerabilities - June 13 (Mac OS X)
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillathunderbirdmultvulnjun13macosx.nasl 6125 2017-05-15 09:03:42Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities - June 13 Mac OS X Authors: Arun Kallavi...
CVE-2013-1697
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with...
USN-1638-3: Firefox regressions
USN-1638-1 fixed vulnerabilities in Firefox. The new packages introduced regressions in cookies handling and the User Agent string. This update fixes the problem. Original advisory details: Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky,...
Mozilla Firefox Multiple Vulnerabilities-02 (Nov 2012) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Firefox Multiple Vulnerabilities-02 (Nov 2012) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 (Mac OS X)
This host is installed with Mozilla Seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaseamonkeymultvuln02nov12macosx.nasl 6074 2017-05-05 09:03:14Z teissa $ Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 Mac OS X Authors: Arun Kallavi Copyright...
Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 (Windows)
This host is installed with Mozilla Seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaseamonkeymultvuln02nov12win.nasl 5999 2017-04-21 09:02:32Z teissa $ Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 Windows Authors: Arun Kallavi Copyright:...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1636-1)
Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript...
CVE-2012-4208
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted w...
Code injection
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted w...
CVE-2012-4208
CVE-2012-4208 affects Mozilla Firefox ≤ prior to 17.0, Thunderbird ≤ prior to 17.0, and SeaMonkey ≤ 2.13/2.14. The XrayWrapper did not consider compartment during property filtering, allowing remote sites to bypass chrome-only restrictions on reading DOM object properties. Impact per description:...
CVE-2012-4208
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted w...
CVE-2012-4208
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted w...