9802 matches found
New DOM Flaw Can Crash IE, Other Major Browsers
From The H Security The Luxembourg security specialists G-SEC have published details of a vulnerability in the majority of browsers which will either crash the browser or consume so much memory that it makes the computer virtually unusable. The trick is simple. Using JavaScript’s DOM Document...
[SECURITY] Fedora 11 Update: seamonkey-1.1.17-1.fc11
SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...
[SECURITY] Fedora 10 Update: seamonkey-1.1.17-1.fc10
SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...
Month Of Twitter Bugs - Twitterfall XSS
Wednesday, July 8, 2009 MoTB 08: DOM Based XSS in Twitterfall What is Twitterfall "Twitterfall is a way of viewing the latest 'tweets' of upcoming trends and custom searches on the micro-blogging site Twitter. Updates fall from the top of the page in near-realtime.." Twitterfall home page Twitter...
Mandrake Security Advisory MDVSA-2009:145 (php)
The remote host is missing an update to php announced via advisory MDVSA-2009:145. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...
CVE-2009-1201
Eval injection vulnerability in the cscowrapjs function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances ASA device with software 8.04, 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting XSS attacks by setting CSCOWebVPN'process...
CVE-2009-1201
Eval injection vulnerability in the cscowrapjs function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances ASA device with software 8.04, 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting XSS attacks by setting CSCOWebVPN'process...
Firefox browser engine crashes
The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to 1...
Cisco ASA Adaptive Security Appliance Clientless SSL VPN DOM Cross-Site Scripting Vulnerability
Cisco ASA Adaptive Security Appliance Software versions prior to 8.0.434, 8.1.225, and 8.2.13 that are configured to accept Clientless SSL VPN connections are affected by a cross-site scripting vulnerability. Versions 7.x are not affected. The vulnerability is due to insufficient restrictions on...
Design/Logic Flaw
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service application crash by destroying a...
CVE-2009-1701
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service application crash by destroying a...
CVE-2009-1711
CVE-2009-1711 affects WebKit-based components (notably in Apple Safari before 4.0) where WebKit’s Attr DOM memory is not properly initialized. This can allow remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document that exercises Attr DOM memory handling...
CVE-2009-1701
Removed by vendor...
Design/Logic Flaw
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service memory...
CVE-2009-1690
CVE-2009-1690 is a use-after-free in WebKit affecting Safari (pre-4.0) and related WebKit-based products (iPhone OS 1.0–2.2.1, iPod touch 1.1–2.2.1, Google Chrome 1.0.154.53). The issue arises when a crafted HTML tag property causes child elements to be freed and later accessed during an HTML err...
CVE-2009-1690
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service memory...
CVE-2009-1690
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service memory...
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
The host is installed with Opera Web Browser and is prone to PDF Javascript Security Bypass Vulnerability. OpenVAS Vulnerability Test $Id: secpodapplesafaripdfjsrestbypassvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Apple Safari PDF Javascript Security Bypass Bypass Vulnerability Authors: Antu...
Opera < 10 PDF JavaScript Security Bypass Vulnerability - Linux
Opera Web Browser is prone to a PDF JavaScript security bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Opera < 10 PDF JavaScript Security Bypass Vulnerability - Windows
Opera Web Browser is prone to a PDF JavaScript security bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...