| | Multiple browsers inherited charset crossite scripting
updated since 25.02.2007
|
 | | If [age with undefined charset is displayed in frame, codepage of parent page is used. It makes it possible to conduct crossite scripting attack with e.g. UTF-7, EUC-JP (SHIFT_JIS) charset. |
| 7! | Mozilla / Firefox / Firebird / Netscape array overflow
updated since 31.05.2006
|
| | Array ovrflow on high marquee tag recursion level. |
| | Multiple FTP clients FTP bounce attack
updated since 05.03.2007
|
| | Passive FTP implementation in multiple client allows to use FTP bounce attack for port scanning. |
| | Mozilla Firefox information leak
updated since 23.02.2007
|
| | It's possible for script to check if given web page was visited by user. |
| 8! | Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
updated since 01.06.2007
|
| | Multiple DoS conditions, addEventListener method crossite scripting. Multiple heap oberflows, integer overflows, etc. |
| 7! | Multiple Mozilla Firefox / Thunderbird / Seamonkey vulnerabilities
updated since 27.02.2007
|
| | HTML filtering bypass, crossite scripting, weak hashing function, memory corruption, buffer overflow, etc. |
| | Multiple browsers information leaks
|
| | Server can find pages visited by user by using, e.g., different background pages for "visited" elements. |
| 6! | Multiple browsers OnUnload event handler different vulnerabilities
updated since 23.02.2007
|
| | Different memory corruptions because of race conditions in OnUnload handler. In addition address bar spoofing and creation of pages can not be left is possible. |
| 6! | Mozilla libnss multiple security vulnerabilities
updated since 25.02.2007
|
| | Buffer overflows and integer overflows in SSL2 client and server code implementation. |
| | Mozilla Firefox weak PRNG generator
|
| | Weak PRNG generator is used to generate temporary files names for XMLHttpRequest. It may be used to access content of local files by creating temporary HTML file with predictable name. |
| 6! | Multiple browsers race conditions
updated since 18.08.2006
|
| | There are different race condition with threading synchronization on different concurrent events. |
| 6! | Multiple browsers DNS pinning protection bypass
|
| | By emulatin Web server failure it's possible to bypass DNS pinning protection (protection against changing IP address resolution by DNS name for crossite access) |
| 7! | Multiple Mozilla Firefox / Thunderbird / Seamonkey security vulnerabilities
|
| | Crossite scripting with functions prototypes. Information leak. Buffer overflows on oversized Content-Type fields in messages. Memory corruption on SVG header. Crossite scripting with img.src. DoS. JavaScript watchpoint privilege escalation. CSS image cursor property buffer overflow. Multiple memory corruptions. |
| | Firefox password manager form information leak
|
| | Password manager doesn't check form destination. It makes it possible for attacker to retrieve saved paramters, including saved login/password if he can insert form into content of the site. |
| 8! | 0-day Mozilla Firefox code execution security vulnerability
|
| | Vulnerability with javascript processing allows code execution. |
| 8! | Multiple Firefox / Mozilla / SeaMonkey / Netscape browsers and Thunderbird security vulnerabilities
|
| | Memory corruptions, crossite scripting, grame spoofing, RSA signature forgery, Auto update man-int-the-middle attacks. XBL javascript execution with e-mail. |
| 9! | Multiple Mozilla / Firefox / Seamonkey / Thunderbird security vulnerabilities
updated since 27.07.2006
|
| | Multiple vulnerabilities allow unrestricted code execution. Can be used for hidden malware installation. |
| 9! | Multiple Mozilla / Firefox / Thunderbird / Netscape / Seamonkey security vulnerabilities
updated since 02.06.2006
|
| | Localzone scripting with code execution, memory corruption, HTTP response splitting, array overflow, javascript filtering bypass. |
| | Mozilla / Firefox / Netscape exceptions information leak
|
| | On exception raise message contains path to application installation and sometimes user's profile path. |
| 8! | Mozilla browsers and mail agents memory corruption
|
| | Memory corruption on displaying corrupted HTML tables. Can be used for silent malware installation. |
| 8! | Multiple Firefox / Netscape / SeaMonkey vulnerabilities
updated since 14.04.2006
|
| | Crossite scripting, memory corruptions, buffer overflows, array overflows, integer overflows. Can be exploited to silently install malware code. |
| 8! | Multiple Mozilla / Firefox / Thinderbird vulnerabilities
updated since 03.02.2006
|
| | Javascript code execution, heap memory corruption with styles, memory corruption with QueryInterface, code execution with XULDocument.persist(), multiple integer overflows, information leak from nsExpatDriver::ParseBuffer().
Silen trojan code installation is potentially possible. |
| | |
