Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25844
HistoryMar 03, 2011 - 12:00 a.m.

Mozilla Foundation Security Advisory 2011-08

2011-03-0300:00:00
vulners.com
23
JSON

Mozilla Foundation Security Advisory 2011-08

Title: ParanoidFragmentSink allows javascript: URLs in chrome documents
Impact: Moderate
Announced: March 1, 2011
Reporter: Roberto Suggi Liverani
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.14
Firefox 3.5.17
Thunderbird 3.1.8
SeaMonkey 2.0.12
Description

Mozilla security developer Roberto Suggi Liverani reported that ParanoidFragmentSink, a class used to sanitize potentially unsafe HTML for display, allows javascript: URLs and other inline JavaScript when the embedding document is a chrome document. While there are no unsafe uses of this class in any released products, extension code could have potentially used it in an unsafe manner.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=562547
* CVE-2010-1585

Related

veracode 1
prion 1
cve 1
openvas 32
ubuntucve 1
seebug 1
mozilla 1
nessus 41
redhat 2
ubuntu 4
oraclelinux 2
osv 3
debian 4
freebsd 1
securityvulns 1
centos 1
suse 2
gentoo 1
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:54:15
prion
prion
Design/Logic Flaw
2010-04-28 22:30:00
cve
cve
CVE-2010-1585
2010-04-28 22:30:00
openvas
openvas
Mozilla Firefox Code Execution Vulnerability (May 2010) - Windows
2010-05-04 00:00:00
Mozilla Firefox Code Execution Vulnerability (Windows) - May10
2010-05-04 00:00:00
RedHat Update for thunderbird RHSA-2011:0311-01
2012-07-09 00:00:00
ubuntucve
ubuntucve
CVE-2010-1585
2010-04-28 00:00:00
seebug
seebug
Mozilla Firefox/Thunderbird/SeaMonkey MFSA多个安全漏洞
2011-03-03 00:00:00
mozilla
mozilla
ParanoidFragmentSink allows javascript: URLs in chrome documents — Mozilla
2011-03-01 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1050-1)
2011-03-03 00:00:00
RHEL 6 : thunderbird (RHSA-2011:0311)
2011-03-02 00:00:00
Mozilla Thunderbird 3.1 < 3.1.8 Multiple Vulnerabilities
2011-03-03 00:00:00
redhat
redhat
(RHSA-2011:0311) Critical: thunderbird security update
2011-03-01 00:00:00
(RHSA-2011:0310) Critical: firefox security and bug fix update
2011-03-01 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2011-03-03 00:00:00
Firefox and Xulrunner regression
2011-03-07 00:00:00
Firefox and Xulrunner vulnerabilities
2011-03-03 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2011-03-02 00:00:00
firefox security and bug fix update
2011-03-02 00:00:00
osv
osv
icedove - several
2011-03-09 00:00:00
iceape - several
2011-03-03 00:00:00
iceweasel - several
2011-03-09 00:00:00
debian
debian
[BSA-027] Security Update for iceweasel
2011-03-12 08:28:24
[SECURITY] [DSA 2186-1] iceweasel security update
2011-03-09 18:07:07
[SECURITY] [DSA 2180-1] iceape security update
2011-03-03 22:12:20
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-03-01 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-03-03 00:00:00
centos
centos
firefox security update
2011-03-03 05:18:19
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2011-03-15 12:02:21
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
JSON
Related for SECURITYVULNS:DOC:25844
veracode1prion1cve1openvas32ubuntucve1seebug1mozilla1nessus41redhat2ubuntu4oraclelinux2osv3debian4freebsd1securityvulns1centos1suse2gentoo1