Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
origin vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-1967
Mozilla Firefox prior to 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and perform...
Mozilla Firefox
4.3
CVSSv2
CVE-2009-2472
Mozilla Firefox prior to 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote malicious users to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross...
Mozilla Firefox
Fedoraproject Fedora 10
Suse Linux Enterprise Debuginfo 10
Suse Linux Enterprise Debuginfo 11
Opensuse Opensuse 11.0
Opensuse Opensuse 11.1
Suse Linux Enterprise Desktop 10
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 10
Suse Linux Enterprise Server 11
6.8
CVSSv2
CVE-2019-6453
mIRC prior to 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome i...
Mirc Mirc
3 Github repositories
4.3
CVSSv2
CVE-2012-5841
Mozilla Firefox prior to 17.0, Firefox ESR 10.x prior to 10.0.11, Thunderbird prior to 17.0, Thunderbird ESR 10.x prior to 10.0.11, and SeaMonkey prior to 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows re...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Thunderbird Esr
Opensuse Opensuse 11.4
Opensuse Opensuse 12.1
Opensuse Opensuse 12.2
Suse Linux Enterprise Desktop 10
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 10
Suse Linux Enterprise Server 11
Suse Linux Enterprise Software Development Kit 10
Suse Linux Enterprise Software Development Kit 11
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Eus 6.3
Redhat Enterprise Linux Server 5.0
2.6
CVSSv2
CVE-2012-0475
Mozilla Firefox 4.x up to and including 11.0, Thunderbird 5.0 up to and including 11.0, and SeaMonkey prior to 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote malicious users to bypass an IPv6 literal ACL via a cross-site (...
Mozilla Firefox 4.0.1
Mozilla Firefox 4.0
Mozilla Firefox 5.0.1
Mozilla Firefox 6.0
Mozilla Firefox 9.0
Mozilla Firefox 10.0
Mozilla Firefox 6.0.2
Mozilla Firefox 6.0.1
Mozilla Firefox 7.0.1
Mozilla Firefox 10.0.1
Mozilla Firefox 10.0.2
Mozilla Firefox 7.0
Mozilla Firefox 8.0
Mozilla Firefox 11.0
Mozilla Firefox 5.0
Mozilla Firefox 8.0.1
Mozilla Firefox 9.0.1
Mozilla Thunderbird 6.0.1
Mozilla Thunderbird 6.0.2
Mozilla Thunderbird 10.0.2
Mozilla Thunderbird 10.0.3
Mozilla Thunderbird 10.0.4
4.3
CVSSv2
CVE-2009-3375
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x prior to 3.0.15 and 3.5.x prior to 3.5.4 allows user-assisted remote malicious users to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
Mozilla Firefox 3.0.1
Mozilla Firefox 3.0.10
Mozilla Firefox 3.0.3
Mozilla Firefox 3.0.2
Mozilla Firefox 3.5.3
Mozilla Firefox 3.5
Mozilla Firefox 3.0.11
Mozilla Firefox 3.0.12
Mozilla Firefox 3.0.7
Mozilla Firefox 3.0.8
Mozilla Firefox 3.0
Mozilla Firefox 3.0.5
Mozilla Firefox 3.0.4
Mozilla Firefox 3.5.1
Mozilla Firefox 3.5.2
Mozilla Firefox 3.0.13
Mozilla Firefox 3.0.6
Mozilla Firefox 3.0.9
9.3
CVSSv2
CVE-2019-1636
A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an malicious user to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An a...
Cisco Webex Teams 3.0.4533
1 Article
4.3
CVSSv2
CVE-2008-2800
Mozilla Firefox prior to 2.0.0.15 and SeaMonkey prior to 1.1.10 allow remote malicious users to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded...
Mozilla Firefox 2.0.0.12
Mozilla Firefox 2.0.0.13
Mozilla Firefox 2.0.0.9
Mozilla Seamonkey 1.1
Mozilla Seamonkey 1.1.8
Mozilla Firefox
Mozilla Firefox 2.0.0.10
Mozilla Firefox 2.0.0.11
Mozilla Firefox 2.0.0.7
Mozilla Firefox 2.0.0.8
Mozilla Seamonkey 1.1.6
Mozilla Seamonkey 1.1.7
Mozilla Firefox 2.0.0.2
Mozilla Firefox 2.0.0.3
Mozilla Seamonkey 1.1.2
Mozilla Seamonkey 1.1.3
Mozilla Seamonkey
Mozilla Firefox 2.0
Mozilla Firefox 2.0.0.1
Mozilla Firefox 2.0.0.4
Mozilla Firefox 2.0.0.5
Mozilla Firefox 2.0.0.6
4.3
CVSSv2
CVE-2007-6574
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewfor...
Dokeos Open Source Learning And Knowledge Management Tool 1.5.4
Dokeos Open Source Learning And Knowledge Management Tool 1.5.5
Dokeos Open Source Learning And Knowledge Management Tool 1.6.4
Dokeos Open Source Learning And Knowledge Management Tool 1.6.5
Dokeos Open Source Learning And Knowledge Management Tool 1.4
Dokeos Open Source Learning And Knowledge Management Tool 1.5
Dokeos Open Source Learning And Knowledge Management Tool 1.5.3
Dokeos Open Source Learning And Knowledge Management 1.8
Dokeos Open Source Learning And Knowledge Management 1.8.4
Dokeos Open Source Learning And Knowledge Management Tool 1.8
Dokeos Open Source Learning And Knowledge Management Tool 1.8.4
3 EDB exploits
NA
CVE-2023-2724
Type confusion in V8 in Google Chrome before 113.0.5672.126 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Google Chrome
Debian Debian Linux 11.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »