ZDI-10-048: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability

ZDI-10-048: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-048 April 2, 2010 -- CVE ID: CVE-2010-0176 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 3.5.x -- Vulnerability Detail...

Phorum Cross Site Scripting / Request Forgery

=cicatriz ==advisories= / / / / // / / // / o / / .-/ =Phorum 5.2.10 Cross-Site Scripting/Request Forgery==/= == =Advisory & Vulnerability Information=== Title: Phorum 5.2.10 Cross-Site Scripting/Request Forgery Advisory ID: VUDO-2009-1504 Advisory URL: http://research.voodoo-labs.org/advisories/...

Firescrolling 2 [Firefox 1.0.1)

Summary Even though Firefox 1.0.1 patched one of the key bugs behind my firescrolling exploit the ability of plugins to load chrome files in a hidden frame the ability to hijack a drag and drop operation and open a privileged xul file is still available. The demo opens...