NVD-CWE-Other

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a “temporary footprint” and an “in-session phishing attack.”

An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a “temporary footprint” when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an “in-session phishing attack.” NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote authenticated users to gain administrative privileges via a certain sequence of “browse documents” and dashboard requests.

Multiple untrusted search path vulnerabilities in pdfjam allow local users to gain privileges via a Trojan horse program in (1) the current working directory or (2) /var/tmp, related to the (a) pdf90, (b) pdfjoin, and (c) pdfnup scripts.

Opera before 9.63 does not block unspecified “scripted URLs” during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.

The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument.