| | Mozilla Firefox images information leak
|
 | | By using getImageData() with redirections it's possible to obtain cross-site access to images. |
| 9! | Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
|
 | | Information leak, freed memory reuse, privilege escalation, buffer overflow, cross-site scripting, protection bypass. |
| 7! | Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities updated since 29.09.2008
|
 | | Memory corruptions, privilege escalation, cross-site scripting, DoS, buffer overflow |
| 7! | Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
|
 | | Array index overflow on CSS parsing, crash on GIF processing under Mac OS X, code execution on command-line launch with URI. |
| 9! | Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
|
 | | Multiple memory corruptions, code execution, certificate spoofing, .jar files signature spoofing, etc. |
| 6! | Mozilla Firefox memory corruption
|
 | | Memory corruption in JavaScript garbage collection. |
| | Microsoft Internet Explorer / Mozilla Firefox address spoofing |
| | | |
| 8! | Mozilla Firefox / Seamonkey multiple security vulnerabilities updated since 26.03.2008
|
 | | JavaScript privilege escalation and code execution, cross-site scripting, multiple DoS conditions, URI and dialog spoofing, local port access from Java, privacy problems on SSL authentication. |
| | Mozilla Firefox / Opera information leak updated since 16.02.2008
|
 | | An error in displaying BMP files allows reading the contents of heap memory. |
| | Mozilla Firefox information leak updated since 23.02.2007
|
 | | It's possible for a script to check whether a given web page was visited by the user. |
| 9! | Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities updated since 10.02.2008
|
 | | Multiple memory corruptions, input focus stealing, code execution, stored information corruption, directory traversal, information leaks, dialog spoofing. |
| | Mozilla Firefox chrome: URL directory traversal
|
 | | It's possible to access local script files |
| | Firefox DoS
|
 | | Invalid INPUT tag designMode property processing. |
| 6! | Mozilla Firefox jar: URL cross-site scripting updated since 12.11.2007
|
 | | It's possible to launch a cross-site scripting attack via the jar: protocol by uploading JAR, DOC, ZIP, etc. files. |
| | Firefox / Konqueror / Safari certificate spoofing updated since 19.11.2007
|
 | | The link between a certificate and a web site is not recorded if a certificate from an unknown certification authority is manually approved, making it possible to use the same certificate for a different site without warning. |
| 8! | Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
|
 | | Code execution with invalid % encoding in Windows, local file access with sftp URL, content spoofing, user input focus stealing, memory corruption, code execution. |
| 6! | Mozilla Firefox information leak
|
 | | It's possible to read the value of any internal variable. |
| | Mozilla status bar text spoofing |
| | | |
| 7! | Mozilla Firefox / Thunderbird URL processing code execution updated since 25.07.2007
|
 | | It's possible to inject shell characters into mailto:, news:, nntp: URLs if Thunderbird is used as the URL handler. |
| | Mozilla Firefox DoS
|
 | | It's possible to create large number of unclosable pop-up windows. |
| 7! | Mozilla Firefox cache cross-site access updated since 10.07.2007
|
 | | A wyciwyg:// URL in combination with a 302 HTTP response allows access to cached pages. |
| 8! | Mozilla Firefox, Thunderbird, Seamonkey multiple security vulnerabilities
|
 | | Code execution, memory corruption, content spoofing, cross-site scripting, DoS. |
| | Multiple applications security vulnerabilities
|
 | | Mozilla Firefox pop-ups DoS, Microsoft Register Server DoS, FreeWRL ActiveX memory corruption, Nonnoi ASP Barcode files overwrite, Eltima Software VSPAX DoS, Media Player Classic memory corruption, Eltima Software RunService AX DoS, Symantec Norton Ghost ActiveX DoS and code execution, ctiveReportsExcelReport, NMSDVDXLib, InnovaDSXP2.OCX ActiveX DoS. |
| | Mozilla Firefox focus spoofing
|
 | | It's possible to spoof the focus of key press events. |
| 8! | Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities updated since 01.06.2007
|
 | | Multiple DoS conditions, addEventListener method cross-site scripting. Multiple heap overflows, integer overflows, etc. |
| 7! | Microsoft Internet Explorer and Mozilla Firefox multiple security vulnerabilities
|
 | | Internet Explorer race conditions allow cross domain access. Mozilla Firefox IFRAME cross domain access. Mozilla file download dialogs delay protection bypass. MSIE address bar spoofing. |
| | Firefox information leak
|
 | | It's possible to check file existence with a resource:// URL. |
| | Multiple browsers digest authentication request splitting
|
 | | It's possible to inject newline characters into HTTP request headers through the username. |
| | Opera / Firefox anti-phishing protection bypass
|
 | | Phishing sites embedded into IFRAME are not detected. |
| | Mozilla Firefox integer overflow
|
 | | Integer overflow on large GIF image size values. |
| 7! | Multiple Mozilla Firefox / Thunderbird / Seamonkey vulnerabilities updated since 27.02.2007
|
 | | HTML filtering bypass, cross-site scripting, weak hashing function, memory corruption, buffer overflow, etc. |
| | Multiple FTP clients FTP bounce attack
|
 | | The passive FTP implementation in multiple clients allows the FTP bounce attack to be used for port scanning. |
| | Multiple browsers information leaks
|
 | | A server can find pages visited by the user by using, e.g., different background pages for "visited" elements. |
| 6! | Multiple browsers OnUnload event handler different vulnerabilities updated since 23.02.2007
|
 | | Various memory corruptions caused by race conditions in the OnUnload handler. In addition, address bar spoofing and creation of pages that cannot be left are possible. |
| 8! | Mozilla Firefox cross domain access updated since 15.02.2007
|
 | | By using
location.hostname='evil.com\x00foo.example.com'
in JavaScript it's possible to make a request for the foo.example.com domain be sent to evil.com. This makes cross-domain access possible. The vulnerability can be used for hidden malware installation. |
| | Multiple browsers inherited charset cross-site scripting
|
 | | If a page with an undefined charset is displayed in a frame, the codepage of the parent page is used. This makes it possible to conduct a cross-site scripting attack with e.g. the UTF-7 charset. |
| | Microsoft Internet Explorer / Mozilla Firefox user input hijacking
|
 | | It's possible to hijack input focus by using OnKeyDown / OnKeyPress events. |
| | Firefox / Opera phishing protection bypass
|
 | | It's possible to bypass phishing protection by adding "." character to hostname or additional "/" after hostname. |
| 6! | Multiple browsers DNS pinning protection bypass
|
 | | By emulating Web server failure it's possible to bypass DNS pinning protection (protection against changing the IP address that a DNS name resolves to in order to gain cross-site access). |
| 7! | Multiple Mozilla Firefox / Thunderbird / Seamonkey security vulnerabilities
|
 | | Cross-site scripting with function prototypes. Information leak. Buffer overflows on oversized Content-Type fields in messages. Memory corruption on SVG header. Cross-site scripting with img.src. DoS. JavaScript watchpoint privilege escalation. CSS image cursor property buffer overflow. Multiple memory corruptions. |
| | Firefox password manager form information leak
|
 | | The password manager doesn't check the form destination. This makes it possible for an attacker to retrieve saved parameters, including a saved login/password, if he can insert a form into the content of the site. |
| | |