Fedoraproject » Fedora : Security Vulnerabilities, CVEs, Published In 2009 (XSS)
Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."
Max CVSS
4.3
EPSS Score
0.33%
Published
2009-07-22
Updated
2021-07-29
The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
Max CVSS
4.3
EPSS Score
1.14%
Published
2009-06-03
Updated
2021-02-14
2 vulnerabilities found