Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
origin vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-2825
Mozilla Firefox prior to 47.0 allows remote malicious users to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mozilla Firefox
7.5
CVSSv2
CVE-2012-4908
Google Chrome prior to 18.0.1025308 on Android allows remote malicious users to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.
Google Chrome
1 EDB exploit
5.8
CVSSv2
CVE-2011-4968
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
F5 Nginx 0.7.65
F5 Nginx 0.7.66
F5 Nginx 0.7.64
F5 Nginx 0.7.61
F5 Nginx 0.7.62
F5 Nginx 0.8.33
F5 Nginx 0.8.40
F5 Nginx 0.8.35
F5 Nginx 0.8.36
F5 Nginx 1.2.6
Debian Debian Linux 8.0
6.8
CVSSv2
CVE-2013-0747
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox prior to 18.0, Firefox ESR 17.x prior to 17.0.2, Thunderbird prior to 17.0.2, Thunderbird ESR 17.x prior to 17.0.2, and SeaMonkey prior to 2.15 does not properly enforce the Same Origin Policy, which...
Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird Esr
Suse Linux Enterprise Server 10
Suse Linux Enterprise Desktop 11
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Suse Linux Enterprise Desktop 10
Opensuse Opensuse 12.1
Suse Linux Enterprise Server 11
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Software Development Kit 10
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 10.04
4.3
CVSSv2
CVE-2016-1967
Mozilla Firefox prior to 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and perform...
Mozilla Firefox
4.3
CVSSv2
CVE-2009-2472
Mozilla Firefox prior to 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote malicious users to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross...
Mozilla Firefox
Fedoraproject Fedora 10
Opensuse Opensuse 11.1
Opensuse Opensuse 11.0
Suse Linux Enterprise Server 10
Suse Linux Enterprise Desktop 10
Suse Linux Enterprise Server 11
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Debuginfo 10
Suse Linux Enterprise Debuginfo 11
6.8
CVSSv2
CVE-2019-6453
mIRC prior to 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome i...
Mirc Mirc
3 Github repositories
4.3
CVSSv2
CVE-2012-5841
Mozilla Firefox prior to 17.0, Firefox ESR 10.x prior to 10.0.11, Thunderbird prior to 17.0, Thunderbird ESR 10.x prior to 10.0.11, and SeaMonkey prior to 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows re...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Thunderbird Esr
Suse Linux Enterprise Server 10
Suse Linux Enterprise Desktop 11
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Suse Linux Enterprise Desktop 10
Opensuse Opensuse 12.1
Suse Linux Enterprise Server 11
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Software Development Kit 10
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 10.04
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
2.6
CVSSv2
CVE-2012-0475
Mozilla Firefox 4.x up to and including 11.0, Thunderbird 5.0 up to and including 11.0, and SeaMonkey prior to 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote malicious users to bypass an IPv6 literal ACL via a cross-site (...
Mozilla Firefox 4.0
Mozilla Firefox 8.0
Mozilla Firefox 10.0
Mozilla Firefox 5.0.1
Mozilla Firefox 5.0
Mozilla Firefox 7.0
Mozilla Firefox 6.0.2
Mozilla Firefox 6.0.1
Mozilla Firefox 10.0.2
Mozilla Firefox 10.0.1
Mozilla Firefox 11.0
Mozilla Firefox 6.0
Mozilla Firefox 7.0.1
Mozilla Firefox 8.0.1
Mozilla Firefox 9.0.1
Mozilla Firefox 9.0
Mozilla Firefox 4.0.1
Mozilla Thunderbird 10.0
Mozilla Thunderbird 10.0.1
Mozilla Thunderbird 7.0
Mozilla Thunderbird 10.0.2
Mozilla Thunderbird 6.0.1
4.3
CVSSv2
CVE-2008-2800
Mozilla Firefox prior to 2.0.0.15 and SeaMonkey prior to 1.1.10 allow remote malicious users to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded...
Mozilla Firefox 2.0.0.12
Mozilla Seamonkey
Mozilla Seamonkey 1.1.8
Mozilla Seamonkey 1.1.7
Mozilla Seamonkey 1.1.3
Mozilla Firefox 2.0.0.2
Mozilla Seamonkey 1.1.5
Mozilla Firefox 2.0.0.7
Mozilla Seamonkey 1.1
Mozilla Firefox 2.0.0.9
Mozilla Seamonkey 1.1.2
Mozilla Firefox 2.0
Mozilla Firefox
Mozilla Firefox 2.0.0.3
Mozilla Firefox 2.0.0.6
Mozilla Seamonkey 1.1.6
Mozilla Firefox 2.0.0.11
Mozilla Firefox 2.0.0.4
Mozilla Firefox 2.0.0.13
Mozilla Firefox 2.0.0.1
Mozilla Firefox 2.0.0.8
Mozilla Firefox 2.0.0.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »