814 matches found
CVE-2010-0183
Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus...
CVE-2010-0183
CVE-2010-0183 is a use-after-free in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5. The issue is in nsCycleCollector::MarkRoots and is triggered by a crafted HTML document, related to improper frame construction for menus, allowing remote code execution. Affected products include Firef...
Content-Disposition: attachment ignored if Content-Type: multipart also present
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS)...
CVE-2010-1407
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document...
Design/Logic Flaw
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document...
CVE-2010-1407
CVE-2010-1407 affects WebKit in Apple iOS prior to version 4, where history.replaceState implemented with IFRAME handling could allow a remote attacker to obtain sensitive information via a crafted HTML document. The NVD entry assigns a CVSS v2 base score of 4.3 (Medium) with network attack vecto...
CVE-2010-1757
CVE-2010-1757: WebKit in Apple iOS before 4 on the iPhone/iPod touch does not enforce boundary restrictions on IFRAME content, allowing remote UI spoofing via a crafted HTML document. The available documents identify affected software and impact but do not provide exploitation details or explicit...
CVE-2010-1407
Removed by vendor...
Design/Logic Flaw
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a...
CVE-2010-1769
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a...
CVE-2010-1769
Removed by vendor...
CVE-2010-2295
page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE:...
CVE-2010-2297
rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table...
Code injection
rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table...
Design/Logic Flaw
page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE:...
CVE-2010-2264
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages...
CVE-2010-1761
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees...