- CVEs with nessus.description==Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2009-0652 Moxie Marlinspike discovered that Unicode box drawing characters inside of internationalised domain names could be used for phishing attacks.
- CVE-2009-1302 Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code.
- CVE-2009-1303 Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code.
- CVE-2009-1304 Igor Bukanov and Bob Clary discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.
- CVE-2009-1305 Igor Bukanov and Bob Clary discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.
- CVE-2009-1306 Daniel Veditz discovered that the Content-Disposition: header is ignored within the jar: URI scheme.
- CVE-2009-1307 Gregory Fleischer discovered that the same-origin policy for Flash files is improperly enforced for files loaded through the view-source scheme, which may result in bypass of cross-domain policy restrictions.
- CVE-2009-1308 Cefn Hoile discovered that sites which allow the embedding of third-party stylesheets are vulnerable to cross-site scripting attacks through XBL bindings.
- CVE-2009-1309 'moz_bug_r_a4' discovered bypasses of the same-origin policy in the XMLHttpRequest JavaScript API and the XPCNativeWrapper.
- CVE-2009-1311 Paolo Amadini discovered that incorrect handling of POST data when saving a website with an embedded frame may lead to information disclosure.
- CVE-2009-1312 It was discovered that Iceweasel allows Refresh: headers to redirect to JavaScript URIs, resulting in cross-site scripting.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |