9802 matches found
CVE-2010-1414
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method...
CVE-2010-1395
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issu...
Design/Logic Flaw
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method...
EUVD-2010-1442
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method...
CVE-2010-1395
CVE-2010-1395 is a WebKit-based XSS vulnerability in Apple Safari prior to 5.0 (Mac OS X 10.5–10.6 and Windows) and Safari/WebKit prior to 4.1 on Mac OS X 10.4. It arises from a DOM constructor object scope management issue that allows remote attackers to inject arbitrary script or HTML via certa...
CVE-2010-1395
Removed by vendor...
Google Pays $2K for Chrome Vulnerability
Google has paid out its highest sum yet, $2,000, for the discovery of a high-risk vulnerability found in its Chrome browser. The recipient is developer Sergey Glazunov, who found a DOM method-related means of circumventing the same origin policy. The H Security...
Google Chrome < 5.0.375.70 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is earlier than 5.0.375.70. As such, it is reportedly affected by multiple vulnerabilities: - A cross-origin keystroke redirection vulnerability (Issue 15766). - A cross-origin bypass in DOM methods (Issue 39985). - A memory error exists in...
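Baidu Space (hi.baidu) creatbgmusic() DOM-XSS Bug
The JavaScript DOM function creatbgmusic in Baidu Space does not filter the variable bgmusic when outputting it, so arbitrary HTML code can be constructed through the initBlogTextForFCK function, ultimately resulting in an XSS vulnerability. In http://hi.baidu.com//js/bgmusic.js?v=1.0.js Code: function creatbgmusic(murl, musicnum, IsMusicHide, IsMusicLoop, IsMusicAutoPlay, unknow, functype) //the passed-in murl is assigned to bgmusic1 and bgmusic2 //a tag can be closed by constructing code such as "i...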
Fedora Update for seamonkey FEDORA-2010-7100
Check for the Version of seamonkey. OpenVAS Vulnerability Test: Fedora Update for seamonkey FEDORA-2010-7100. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
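Mozilla Firefox 3.6 Browser DOM Node Moving Use-After-Free Vulnerability
BUGTRAQ ID: 38952 CVE(CAN) ID: CVE-2010-1121 Firefox is a popular open-source web browser. When DOM nodes are moved between documents, if garbage collection is triggered at a particular point in time, Firefox may incorrectly reference a previously freed object, leading to execution of arbitrary code with the privileges of the current user. Mozilla Firefox 3.6 Vendor patch: Mozilla ------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.mozilla.org/...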
ZDI-10-063: Mozilla Firefox Cross Document DOM Node Moving Code Execution Vulnerability
ZDI-10-063: Mozilla Firefox Cross Document DOM Node Moving Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-063 April 5, 2010 -- CVE ID: CVE-2010-1121 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 3.6.x -- TippingPoint(TM) IPS Customer...
Mozilla Firefox Cross Document DOM Node Moving Remote Code Execution Vulnerability
This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when moving DOM nodes in...
[SECURITY] Fedora 12 Update: seamonkey-2.0.4-1.fc12
SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...
Mozilla Plugs Firefox Pwn2Own Security Hole
Mozilla is the first browser vendor to fix a vulnerability exploited at this year’s CanSecWest Pwn2Own contest. Just one week after a U.K.-based hacker known as “Nils” broke into a 64-bit Windows 7 machine with a Firefox vulnerability, the open-source group shipped Firefox 3.6.3 to plug the...
Internet Explorer DOM Operation HTML Object Memory Corruption (MS10-018; CVE-2010-0491)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To trigger this...