All the vulnerabilites related to mozilla.org contributors - Mozilla Firefox
jvndb-2011-000058
Vulnerability from jvndb
Published
2011-07-28 16:29
Modified
2011-07-28 16:29
Summary
Mozilla Firefox vulnerable to cross-site scripting
Details
Mozilla Firefox contains a cross-site scripting vulnerability.
Mozilla Firefox contains a vulnerability in the rendering of specific numeric character references, which may result in cross-site scripting.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/jp/JVN96950482/index.html | |
Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
▼ | Vendor | Product |
---|---|---|
mozilla.org contributors | Mozilla Firefox |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000058.html", "dc:date": "2011-07-28T16:29+09:00", "dcterms:issued": "2011-07-28T16:29+09:00", "dcterms:modified": "2011-07-28T16:29+09:00", "description": "Mozilla Firefox contains a cross-site scripting vulnerability.\r\n\r\nMozilla Firefox contains a vulnerability in the rendering of specific numeric character references, which may result in cross-site scripting.\r\n\r\nTakeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000058.html", "sec:cpe": { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2011-000058", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN96950482/index.html", "@id": "JVN#96950482", "@source": "JVN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Mozilla Firefox vulnerable to cross-site scripting" }
jvndb-2011-000057
Vulnerability from jvndb
Published
2011-07-28 16:27
Modified
2011-07-28 16:27
Summary
Mozilla Firefox vulnerable to denial-of-service (DoS)
Details
Mozilla Firefox contains a denial-of-service (DoS) vulnerability.
Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service (DoS) vulnerability.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/jp/JVN70984231/index.html | |
CVE | https://www.cve.org/CVERecord?id=CVE-2011-2669 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2011-2669 | |
No Mapping(CWE-DesignError) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
▼ | Vendor | Product |
---|---|---|
mozilla.org contributors | Mozilla Firefox |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000057.html", "dc:date": "2011-07-28T16:27+09:00", "dcterms:issued": "2011-07-28T16:27+09:00", "dcterms:modified": "2011-07-28T16:27+09:00", "description": "Mozilla Firefox contains a denial-of-service (DoS) vulnerability.\r\n\r\nMozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service (DoS) vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000057.html", "sec:cpe": { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2011-000057", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN70984231/index.html", "@id": "JVN#70984231", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2011-2669", "@id": "CVE-2011-2669", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2011-2669", "@id": "CVE-2011-2669", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-DesignError", "@title": "No Mapping(CWE-DesignError)" } ], "title": "Mozilla Firefox vulnerable to denial-of-service (DoS)" }
jvndb-2006-000326
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Mozilla Firefox vulnerable to HTTP response splitting
Details
(1)Mozilla Firefox contains a vulnerability in the way it interprets HTTP 1.0 responses from a server.
(2)Mozilla Firefox, a web browser from Mozilla Corporation and Mozilla Japan, fails to properly handles multiple HTTP headers in server responses.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000326.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "(1)Mozilla Firefox contains a vulnerability in the way it interprets HTTP 1.0 responses from a server.\r\n\r\n(2)Mozilla Firefox, a web browser from Mozilla Corporation and Mozilla Japan, fails to properly handles multiple HTTP headers in server responses.", "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000326.html", "sec:cpe": [ { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:seamonkey", "@product": "Mozilla SeaMonkey", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:thunderbird", "@product": "Mozilla Thunderbird", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2006-000326", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN62734622/index.html", "@id": "JVN#62734622", "@source": "JVN" }, { "#text": "http://jvn.jp/en/jp/JVN28513736/index.html", "@id": "JVN#28513736", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786", "@id": "CVE-2006-2786", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2786", "@id": "CVE-2006-2786", "@source": "NVD" }, { "#text": "http://www.securityfocus.com/bid/18228", "@id": "18228", "@source": "BID" }, { "#text": "http://www.frsirt.com/english/advisories/2006/2106", "@id": "FrSIRT/ADV-2006-2106", "@source": "FRSIRT" } ], "title": "Mozilla Firefox vulnerable to HTTP response splitting" }
jvndb-2011-000055
Vulnerability from jvndb
Published
2011-07-28 16:24
Modified
2011-07-28 16:24
Summary
Mozilla Firefox vulnerability in processing content-length header
Details
Mozilla Firefox contains a vulnerability in the processing of content-length header.
Kazuho Oku of Cybozu Laboratories, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/jp/JVN36721438/index.html | |
CVE | https://www.cve.org/CVERecord?id=CVE-2011-2668 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2011-2668 | |
No Mapping(CWE-DesignError) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
▼ | Vendor | Product |
---|---|---|
mozilla.org contributors | Mozilla Firefox |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000055.html", "dc:date": "2011-07-28T16:24+09:00", "dcterms:issued": "2011-07-28T16:24+09:00", "dcterms:modified": "2011-07-28T16:24+09:00", "description": "Mozilla Firefox contains a vulnerability in the processing of content-length header.\r\n\r\nKazuho Oku of Cybozu Laboratories, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000055.html", "sec:cpe": { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2011-000055", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN36721438/index.html", "@id": "JVN#36721438", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2011-2668", "@id": "CVE-2011-2668", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2011-2668", "@id": "CVE-2011-2668", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-DesignError", "@title": "No Mapping(CWE-DesignError)" } ], "title": "Mozilla Firefox vulnerability in processing content-length header" }
jvndb-2011-000059
Vulnerability from jvndb
Published
2011-07-28 16:31
Modified
2011-07-28 16:31
Summary
Mozilla Firefox vulnerable to cross-site scripting
Details
Mozilla Firefox contains a cross-site scripting vulnerability.
Mozilla Firefox contains a vulnerability in the rendering of Cascading Style Sheets (CSS), which may result in cross-site scripting.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/jp/JVN74649877/index.html | |
CVE | https://www.cve.org/CVERecord?id=CVE-2011-2670 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2011-2670 | |
Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
▼ | Vendor | Product |
---|---|---|
mozilla.org contributors | Mozilla Firefox |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000059.html", "dc:date": "2011-07-28T16:31+09:00", "dcterms:issued": "2011-07-28T16:31+09:00", "dcterms:modified": "2011-07-28T16:31+09:00", "description": "Mozilla Firefox contains a cross-site scripting vulnerability.\r\n\r\nMozilla Firefox contains a vulnerability in the rendering of Cascading Style Sheets (CSS), which may result in cross-site scripting.\r\n\r\nTakeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000059.html", "sec:cpe": { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2011-000059", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN74649877/index.html", "@id": "JVN#74649877", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2011-2670", "@id": "CVE-2011-2670", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2011-2670", "@id": "CVE-2011-2670", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Mozilla Firefox vulnerable to cross-site scripting" }
jvndb-2005-000530
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Vulnerability in multiple web browsers allowing request spoofing attacks
Details
Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page.
In general, JavaScript only allows communication within the same domain of the web page; however, an attacker could bypass this restriction by exploiting this vulnerability.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000530.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page.\r\n\r\nIn general, JavaScript only allows communication within the same domain of the web page; however, an attacker could bypass this restriction by exploiting this vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000530.html", "sec:cpe": [ { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:mozilla_suite", "@product": "Mozilla Suite", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:opera:opera_browser", "@product": "Opera", "@vendor": "Opera Software ASA", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000530", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN31226748/", "@id": "JVN#31226748", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2703", "@id": "CVE-2005-2703", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2703", "@id": "CVE-2005-2703", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/16911/", "@id": "SA16911", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/14923", "@id": "14923", "@source": "BID" }, { "#text": "http://www.frsirt.com/english/advisories/2005/1824", "@id": "FrSIRT/ADV-2005-1824", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-94", "@title": "Code Injection(CWE-94)" } ], "title": "Vulnerability in multiple web browsers allowing request spoofing attacks" }
jvndb-2007-000176
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Mozilla Firefox cross-site scripting vulnerability
Details
Mozilla Firefox, web browser from Mozilla Corporation and Mozilla Japan, contains a cross-site scripting vulnerability.
Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000176.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Mozilla Firefox, web browser from Mozilla Corporation and Mozilla Japan, contains a cross-site scripting vulnerability.\r\n\r\nMozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000176.html", "sec:cpe": [ { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:seamonkey", "@product": "Mozilla SeaMonkey", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:redhat:rhel_optional_productivity_applications", "@product": "RHEL Optional Productivity Applications", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000176", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN38605899/index.html", "@id": "JVN#38605899", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995", "@id": "CVE-2007-0995", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0995", "@id": "CVE-2007-0995", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/24205/", "@id": "SA24205", "@source": "SECUNIA" }, { "#text": "http://secunia.com/advisories/24238/", "@id": "SA24238", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/22694", "@id": "22694", "@source": "BID" }, { "#text": "http://www.frsirt.com/english/advisories/2007/0718", "@id": "FrSIRT/ADV-2007-0718", "@source": "FRSIRT" } ], "title": "Mozilla Firefox cross-site scripting vulnerability" }
jvndb-2012-000009
Vulnerability from jvndb
Published
2012-07-30 14:53
Modified
2012-07-30 14:53
Summary
Multiple web browsers vulnerable in processing Tranfer-Encoding header
Details
Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header.
Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as a response from a different server.
Kazuho Oku reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/jp/JVN90389651/index.html | |
No Mapping(CWE-DesignError) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000009.html", "dc:date": "2012-07-30T14:53+09:00", "dcterms:issued": "2012-07-30T14:53+09:00", "dcterms:modified": "2012-07-30T14:53+09:00", "description": "Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header.\r\n\r\nMultiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as a response from a different server.\r\n\r\nKazuho Oku reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000009.html", "sec:cpe": [ { "#text": "cpe:/a:microsoft:internet_explorer", "@product": "Microsoft Internet Explorer", "@vendor": "Microsoft Corporation", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" } ], "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2012-000009", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN90389651/index.html", "@id": "JVN#90389651", "@source": "JVN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-DesignError", "@title": "No Mapping(CWE-DesignError)" } ], "title": "Multiple web browsers vulnerable in processing Tranfer-Encoding header" }
jvndb-2008-000021
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-07-29 14:54
Summary
Mozilla Firefox cross-site scripting vulnerability
Details
Mozilla Firefox web browser contains a cross-site scripting vulnerability.
Mozilla Firefox does not properly handle certain HTML documents in Shift_JIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000021.html", "dc:date": "2008-07-29T14:54+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-07-29T14:54+09:00", "description": "Mozilla Firefox web browser contains a cross-site scripting vulnerability.\r\n\r\nMozilla Firefox does not properly handle certain HTML documents in Shift_JIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard.", "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000021.html", "sec:cpe": [ { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:sun:opensolaris", "@product": "OpenSolaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:sun:solaris", "@product": "Sun Solaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_wizpy", "@product": "wizpy", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2008-000021", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN21563357/index.html", "@id": "JVN#21563357", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416", "@id": "CVE-2008-0416", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0416", "@id": "CVE-2008-0416", "@source": "NVD" }, { "#text": "http://www.securityfocus.com/bid/29303", "@id": "29303", "@source": "BID" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Mozilla Firefox cross-site scripting vulnerability" }
jvndb-2017-000171
Vulnerability from jvndb
Published
2017-07-11 13:48
Modified
2018-08-30 18:03
Severity ?
Summary
Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries
Details
Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000171.html", "dc:date": "2018-08-30T18:03+09:00", "dcterms:issued": "2017-07-11T13:48+09:00", "dcterms:modified": "2018-08-30T18:03+09:00", "description": "Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000171.html", "sec:cpe": [ { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:firefox_esr", "@product": "Mozilla Firefox ESR", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:thunderbird", "@product": "Mozilla Thunderbird", "@vendor": "mozilla.org contributors", "@version": "2.2" } ], "sec:cvss": [ { "@score": "6.8", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "7.8", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2017-000171", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN81676004/index.html", "@id": "JVN#81676004", "@source": "JVN" }, { "#text": "https://jvn.jp/en/ta/JVNTA91240916/", "@id": "JVNTA#91240916", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7755", "@id": "CVE-2017-7755", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-7755", "@id": "CVE-2017-7755", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries" }