The vulnerability of JavaScript script handlers in Internet Explorer allows a perpetrator to execute arbitrary code.

The vulnerability of Internet Explorer’s JavaScript script handlers arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted web page...

Vulnerability of JavaScript handlers in Microsoft Edge and Internet Explorer browsers of the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability of Microsoft Edge and Internet Explorer JavaScript handlers arises from an operation going beyond the buffer boundaries due to a memory object processing error. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user...

The vulnerability of JavaScript handlers in the Microsoft Edge browser for the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability of Microsoft Edge’s JavaScript handlers arises from an operation going beyond the buffer boundaries due to a memory object processing error. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user...

The vulnerability of JavaScript handlers in the Microsoft Edge browser for the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability of Microsoft Edge’s JavaScript handlers arises from an operation going beyond the buffer boundaries due to a memory object processing error. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user...

The vulnerability of JavaScript handlers in the Microsoft Edge browser for the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability of Microsoft Edge’s JavaScript handlers arises from an operation going beyond the buffer boundaries due to a memory object processing error. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user...

The vulnerability of JavaScript handlers in the Microsoft Edge browser for the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability of Microsoft Edge’s JavaScript handlers arises from an operation going beyond the buffer boundaries due to a memory object processing error. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user...

The vulnerability of JavaScript handlers in the Microsoft Edge browser for the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability of Microsoft Edge’s JavaScript handlers arises from an operation going beyond the buffer boundaries due to a memory object processing error. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user...

Vulnerability of JavaScript handlers in Microsoft Edge and Internet Explorer browsers of the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability of Microsoft Edge and Internet Explorer JavaScript handlers arises from an operation going beyond the buffer boundaries due to a memory object processing error. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user...

WebKit: UXSS via CachedFrameBase::restore

This is similar to the case https://bugs.chromium.org/p/project-zero/issues/detail?id=1151. But this time, javascript handlers may be fired in FrameLoader::open. void FrameLoader::openCachedFrameBase& cachedFrame ... cleardocument, true, true, cachedFrame.isMainFrame; Click anywhere... function...

WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting

Click anywhere... function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; function navigatew, url let a = w.document.createElement'a'; a.href = url; a.click; window.onclick = = window.w = open'about:blank', 'w', 'width=500, height=500'; let i0 =...

WebKit - CachedFrameBase::restore Universal Cross-Site Scripting

WebKit - CachedFrameBase::restore Universal Cross-Site Scripting Click anywhere... function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; function navigatew, url let a = w.document.createElement'a'; a.href = url; a.click; window.onclick = = window.w =...

WebKit CachedFrameBase::restore Universal Cross Site Scripting

WebKit: UXSS via CachedFrameBase::restore This is similar to the case https://bugs.chromium.org/p/project-zero/issues/detail?id=1151. But this time, javascript handlers may be fired in FrameLoader::open. void FrameLoader::openCachedFrameBase& cachedFrame ... cleardocument, true, true,...

WebKit enqueuePageshowEvent / enqueuePopstateEvent Universal XSS(CVE-2017-2510)

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that improperly interacts with pageshow events. He...

WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting

view-frame.page; frame.tree.appendChildchildFrame-view-frame; childFrame-open; enqueuePageshowEventPageshowEventPersisted; HistoryItem historyItem = frame.loader.history.currentItem; if historyItem && historyItem-stateObject mdocument-enqueuePopstateEventhistoryItem-stateObject;...

Code injection

Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers...

CVE-2007-1091

Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers...