[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15754 Download | Alert*

The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploitation could allow attackers to conduct cross scripting attacks.

Mozilla Thunderbird 78.7 : During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session.

Mozilla Firefox 84 : Mozilla developers Christian Holler, Jan-Ivar Bruaroey, and Gabriele Svelto reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Mozilla Firefox 84Mozilla Firefox ESR 78.6 : Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Mozilla Firefox 84Mozilla Firefox ESR 78.6 : When an extension with the proxy permission registered to receive <code><all_urls></code>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address.

Mozilla Firefox 84 : When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it.

Mozilla Firefox 84Mozilla Firefox ESR 78.6 : Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.

Mozilla Firefox 84Mozilla Firefox ESR 78.6 : When <code>flex-basis</code> was used on a table wrapper, a <code>StyleGenericFlexBasis</code> object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash.

Mozilla Firefox 84Mozilla Firefox ESR 78.6 : Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.

Mozilla Firefox 84 : The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash.


Pages:      Start    783    784    785    786    787    788    789    790    791    792    793    794    795    796    ..   1575

© SecPod Technologies