CVE-2014-10064
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
Adobe Flash Player Use After Free Remote Code Execution (APSB15-05: CVE-2015-0341)
A use-after-free vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error while handling nested objects in the SWF file. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted SWF file, that can lead to execute...
Mozilla: Sandbox restrictions not applied to nested object elements (MFSA 2013-107)
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site...