Lucene search
MitreCVELIST:CVE-2009-1412HistoryApr 24, 2009 - 3:00 p.m.
CVE-2009-1412
2009-04-2415:00:00
mitre
www.cve.org
3
Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.
Related
nessus
nessus
Google Chrome < 1.0.154.59 ChromeHTML URI Handling Privilege Escalation
2009-04-24 00:00:00
chrome
chrome
Stable Update: Security Fix
2009-04-23 00:00:00
prion
prion
Design/Logic Flaw
2009-04-24 15:30:00
cve
cve
CVE-2009-1412
2009-04-24 15:30:00
debiancve
debiancve
CVE-2009-1412
2009-04-24 15:30:00
nvd
nvd
CVE-2009-1412
2009-04-24 15:30:00
openvas
openvas
Google Chrome Multiple XSS Vulnerabilities (May 2009)
2009-05-07 00:00:00
Google Chrome Multilpe XSS Vulnerabilities (May 09)
2009-05-07 00:00:00
seebug
seebug
Google Chrome chromehtml:协议处理器绕过同源策略限制漏洞
2009-04-28 00:00:00