Mozilla Firefox and Mozilla Suite Code Execution Through Shared Function Objects
This bug allows a malicious web page to execute any programs on your computer. A malicious hacker can take complete control over your computer using this bug. The bug can be exploited by a web page you browse.
Mozilla Privilege Escalation via DOM Property Overrides Vulnerability
This bug allows a malicious web page to execute any programs on your computer. A malicious hacker can take complete control over your computer using this bug. The bug can be exploited by a web page you browse.
Mozilla JavaScript "Lambda" Replace Memory Exposure Vulnerability
This bug allows a malicious website to retrieve the contents of the blocks of memory used by Mozilla and Firefox browsers. The memory can contain confidential information, such as the URLs of the visited websites, the passwords, etc.
Mozilla Firefox Code Execution Through JavaScript: Favicons Vulnerability
This bug allows a malicious web page to execute any programs on your computer. A malicious hacker can take complete control over your computer using this bug. The bug can be exploited by a web page you browse.
This bug only affects Mozilla Firefox browsers.
Microsoft Internet Explorer DHTML Edit Control Script Injection Vulnerability
This bug can allow a malicious web site to access your data on other web sites. For example it can be used to read your mail from a web mail system. Combined with other vulnerabilities it can allow to execute any programs on your computer.
Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability
This bug allows a malicious web page to execute any programs on your computer. A malicious hacker can take complete control over your computer using this bug. The bug can be exploited by a web page you browse or HTML email mesage you open.
Sun Java Plugin Arbitrary Package Access Vulnerability / Opera Java Vulnerability
Java Plugin allows web browsers to run Java applets. Java
plugin may be used by Internet Explorer, Mozilla (and Mozilla-base browsers, such as Firefox), and other browsers.
When a browser opens a web page that contains a Java applet the browser
automatically downloads the applet and runs it locally. To protect the user
from malicious applets all the applets run in so called "sandbox". The sandbox
restricts what an applet can do. For example, the sandbox will not allow an
applet to open local files or start programs.
This bug in Sun Java Plugin allows a web site to bypass the sandbox and execute
Java code that the sandbox will normally not allow and possibly gain control over the client computer.
Opera does not use Sun Java Plugin, but has a similar bug in its interface to Java.
Microsoft Internet Explorer JavaScript Method Assignment Cross-Domain Scripting Vulnerability
This bug allows a malicious web site to spoof content in windows opened
by other web sites. It can also let a malicious web site to access your
data on other web sites. For example it can be used to read your mail
from a web mail system.
Internet Explorer Modal Dialog Argument Caching Cross-Domain Scripting Vulnerability
This bug allows a malicious web page to execute any programs on your computer. A malicious hacker can take complete control over your computer using this bug. The bug can be exploited by a web page you browse or HTML email mesage you open.
This bug was discovered "in the wild" and is used by malicious web sites to install adware on visitors' computers.
Microsoft Internet Explorer CHM File Processing Arbitrary Code Execution Vulnerability
This bug can allow a malicious web site to automatically download and
execute programs on your computer without your knowledge. This means that an
attacker could infect your computer with a virus or install a program which
may allow them to take control of your computer.
There is a virus found in the wild that uses this bug to infect computers.
Microsoft Internet Explorer file:javascript: Cross Domain Scripting Vulnerability
This bug allows a web site to read the contents of any file on your computer. The web site has to know the exact path and name of the file. A malicious website may also be able to exploit this vulnerability to delete mail from your webmail account or to spoof trusted websites.
Note: Opera browser is not vulnerable to this problem. If you are running Opera
you don't need to patch.
Microsoft Internet Explorer Search Frame Fake Caller Vulnerability
This bug can allow a malicious web site to access your data on other web sites. For example it can be used to read your mail from a web mail system.
Microsoft Internet Explorer Object Data Remote Execution Vulnerability
This bug allows a malicious web page to execute any programs on your computer. A malicious hacker can take complete control over your computer using this bug. The bug can be exploited by a web page you browse or HTML email mesage you open.
Mozilla Link Onclick Cross Domain Scripting Vulnerability
This bug can allow a malicious web site to access your data on other web
sites. For example it can be used to read you mail from a web mail system.
Mozilla is an open source browser. From Netscape 6 onwards, Mozilla's
source code has been used to create Netscape browser. As a result,
Netscape suffers from many of the same vulnerabilities as Mozilla.
Other browsers, such as Galeon, Phoenix, Camino (Chimera) also use Mozilla's
source code and can be vulnerable too.
305 Use Proxy Redirect Vulnerability
This bug allows a malicious web site to read documents from other
web sites that are only accessible to the user of the browser. For
example it can allow a web site on the Internet to retrieve pages from
an intranet web site behind a corporate firewall.
This bug affects Mozilla (and other browsers that use Mozilla as a base)
and Opera.
Mozilla is an open source browser. From Netscape 6 onwards, Mozilla's
source code has been used to create Netscape browser. As a result,
Netscape suffers from many of the same vulnerabilities as Mozilla.
Other browsers, such as Galeon, Phoenix, Camino (Chimera) also use
Mozilla's source code and can be vulnerable too.
Mozilla XMLSerializer Same Origin Policy Violation Vulnerability
This bug can allow a malicious web site to access your data on other web
sites. For example it can be used to read you mail from a web mail system.
Mozilla is an open source browser. From Netscape 6 onwards, Mozilla's
source code has been used to create Netscape browser. As a result,
Netscape suffers from many of the same vulnerabilities as Mozilla.
Other browsers, such as Galeon, Phoenix, Camino (Chimera) also use Mozilla's
source code and can be vulnerable too.
Mozilla OnUnload Referer Information Leakage Vulnerability
This bug allows a web site to find out where you surfed after
leaving it.
Mozilla is an open source browser. From Netscape 6 onwards, Mozilla's
source code has been used to create Netscape browser. As a result,
Netscape suffers from many of the same vulnerabilities as Mozilla.
Other browsers, such as Galeon, Phoenix, Camino (Chimera) also use
Mozilla's source code and can be vulnerable too.
Mozilla document.write Cross-Domain Scripting Vulnerability
This bug allows a malicious web site to spoof content in windows opened
by other web sites. It can also let a malicious web site to access your
data on other web sites. For example it can be used to read your mail
from a web mail system.
Mozilla is an open source browser. From Netscape 6 onwards, Mozilla's
source code has been used to create Netscape browser. As a result,
Netscape suffers from many of the same vulnerabilities as Mozilla.
Other browsers, such as Galeon, Phoenix, Camino (Chimera) also use
Mozilla's source code and can be vulnerable too.
Opera 7.0 Javascript Exception Information Disclosure Vulnerability
This bug allows a malicious web site to retrieve error messages that
Javascript code produced. This information includes the URLs of all pages that generated errors. Thus a web site can find out which sites you visited before.
Opera 7.0 Browsing History Disclosure Vulnerability
This bug allows a web site to see the URL of the previous site you visited even if you have disabled referrer logging in Opera's privacy settings.
Opera 7.0 Local Images Cross-Site Scripting Vulnerability
This bug allows a web site to read the contents of any file on your computer.
Opera 7.0 console.html Cross-Site Scripting Vulnerability
This bug allows a web site to read the contents of any file on your computer.
Opera 7.0 Javascript Security Model Vulnerability
This bug can allow a malicious web site to read files on your computer. It can also be exploited to access your data on other web sites. For example it can be used to read you mail from a web mail system.
Microsoft Internet Explorer Dialog Style Same Origin Policy Bypass Vulnerability
This bug can allow a malicious web site to access your data on other web sites. For example it can be used to read your mail from a web mail system.
Microsoft Internet Explorer Multimedia Page Cross-Site Scripting Vulnerability
This bug can allow a malicious web site to access your data on other web sites. For example it can be used to read your mail from a web mail system. The attacked web site needs to have a Flash animation file on it for this attack to work.
Microsoft Internet Explorer document.write() Zone Bypass Vulnerability
This bug allows a malicious web site to spoof content in windows opened by other web sites.
Note: Opera browser is not vulnerable to this problem. If you are running Opera
you don't need to patch.
Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone Access Vulnerability
This bug allows a web site to read the contents of any file on your computer. The web site has to know the exact path and name of the file. A malicious website may also be able to exploit this vulnerability to delete mail from your webmail account or to spoof trusted websites.
Update: A way was discovered to use bugs like this one to run locally
installed programs with parameters. That means that a malicious web site
can use this bug to perform any actions on vulnerable computer, such as,
for example, delete files, install programs, etc.
Microsoft Internet Explorer Document Reference Zone Bypass Vulnerability
This bug can allow a malicious web site to access your data on other web sites. For example it can be used to read your mail from a web mail system.
Microsoft Internet Explorer Iframe Document Property Cross Domain Scripting Vulnerability
This bug allows a web site to read the contents of any file on your computer. The web site has to know the exact path and name of the file. A malicious website may also be able to exploit this vulnerability to delete mail from your webmail account or to spoof trusted websites.
Update: A way was discovered to use bugs like this one to run locally
installed programs with parameters. That means that a malicious web site
can use this bug to perform any actions on vulnerable computer, such as,
for example, delete files, install programs, etc.
Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Access Vulnerability
This bug may allow a malicious web site to read the contents of cookies
left by other web sites. Cookies are small files left on your computer
by a website. Typically, they are used to store information so that a
website can identify you between visits. They might contain login or
registration information, shopping cart information or user preferences.
The malicious web site may be able to gather information about you or
use your cookies to access websites using your identity.
Mozilla is an open source browser. From Netscape 6 onwards, Mozilla's source code
has been used to create Netscape browser. As a result, Netscape suffers from many of the same vulnerabilities as Mozilla.
Microsoft Internet Explorer %2f in URL Same Origin Policy Violation Vulnerability
This bug allows a web site to read the contents of any file on your computer. The web site has to know the exact path and name of the file. A malicious website may also be able to exploit this vulnerability to delete mail from your webmail account or to spoof trusted websites.
Update: A way was discovered to use bugs like this one to run locally
installed programs with parameters. That means that a malicious web site
can use this bug to perform any actions on vulnerable computer, such as,
for example, delete files, install programs, etc.
Microsoft Internet Explorer %00 Arbitrary File Execution Vulnerability
This bug can allow a malicious web site to automatically download and
execute programs on your computer without your knowledge. This means that an
attacker could infect your computer with a virus or install a program which
may allow them to take control of your computer.
It is also possible that an e-mail attachment can be executed without
warning you by receiving HTML formatted e-mail in Outlook and Outlook
Express (which use Internet Explorer's rendering).
Microsoft Internet Explorer Cookie Content Disclosure Vulnerability
This bug may allow a malicious web site to read or alter the contents of cookies left by other web sites. Cookies are small pieces of data stored by your computer at a requiest of a website. Typically, they are used to store information so that a website can identify you between visits. They might contain login or registration information, shopping cart information or user preferences. The malicious web site may be able to gather information about you. To read the cookie successfully, the exact name of the cookie must be known by the web site.
You may also be vulnerable when you receive an HTML formatted e-mail in Outlook and Outlook Express (which use Internet Explorer's rendering).
Microsoft Internet Explorer Dialog Same Origin Policy Bypass Vulnerability
This bug allows a web site to read the contents of files on your computer or run any application that is installed on your computer. The web site has to know the exact path and name of the file.
Update: A way was discovered to use bugs like this one to run locally
installed programs with parameters. That means that a malicious web site
can use this bug to perform any actions on vulnerable computer, such as,
for example, delete files, install programs, etc.
Microsoft Internet Explorer OBJECT Tag Same Origin Policy Violation Vulnerability
This bug allows a web site to read the contents of files on your computer and to run any application installed on your computer The web site has to know the exact path and name of the file.
Update: A way was discovered to use bugs like this one to run locally
installed programs with parameters. That means that a malicious web site
can use this bug to perform any actions on vulnerable computer, such as,
for example, delete files, install programs, etc.
Microsoft Internet Explorer Content-Disposition Handling File Execution Vulnerability
An issue exists in the way Microsoft Internet Explorer handles conflicting information in some HTTP headers used to describe non-HTML content. A malicious web server may provide content with misleading values in the content-type and content-disposition headers.
Under some circumstances, the result may be that IE will automatically download and execute attacker-supplied programs.
It has been demonstrated that this vulnerability can be exploited when Windows Media Player 6.4 or 7.1 is installed on the system.
This vulnerability may also be exploited through HTML formatted email.
Microsoft Internet Explorer DYNSRC File Information Disclosure Vulnerability
This bug allows a web site to check for the existence of any file on your computer and get its size and date of creation. The web site has to know the exact path and name of the file. A malicious attacker can use this bug to detect if certain software is installed on your computer and even find out the version of this software (by checking file sizes). For example, they can see if you are running antivirus software and have the latest updates.
Microsoft Internet Explorer MIME Header "Content-Type: audio-x-wav" Attachment Execution Vulnerability
This bug allows a web site to execute any program supplied by it on your computer. A web site could include content in a page claiming to be an audio file, whilst actually being a computer program. When you visit this website, Internet Explorer would run the program without checking. This means that an attacker could infect your computer with a virus or install a program which may allow them to take control of your computer.
It is also possible that through receiving HTML e-mail in Outlook and Outlook Express (which use Internet Explorer's rendering), that an e-mail attachment can be executed without warning you.
This bug is exploited by a virus called BugBear which spreads via e-mail.
Microsoft Internet Explorer Temporary Internet Files Folder Disclosure Vulnerability
This bug may allow a malicious website to discover the names of temporary Internet folders where Internet Explorer stores cached files. Together with other bugs, it may allow the malicious website to read files from your computer and to execute any program on your computer. This means that an attacker could infect your computer with a virus or install a program which may allow them to take control of your computer.
Microsoft Internet Explorer Navigate Function Cross Frame Access Vulnerability
This bug allows a malicious web site to read the contents of any file on your computer. The web site has to know the exact path and name of the file. You may also be vulnerable when you receive an HTML formatted e-mail in Outlook and Outlook Express (which use Internet Explorer's rendering).
Update: A way was discovered to use bugs like this one to run locally
installed programs with parameters. That means that a malicious web site
can use this bug to perform any actions on vulnerable computer, such as,
for example, delete files, install programs, etc.
