70 matches found
Mozilla: Incorrect parsing of template tag could result in JavaScript injection
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...
Denial Of Service (DoS)
Mozilla Firefox is vulnerable to denial of service DoS attacks. Deleting a selection element due to a weak reference to the select element in the options collection would create a use-after-free vulnerability resulting an application crash...
The vulnerability in the Google Chrome web browser, related to errors in handling the lifecycle of HTML select elements, allows a hacker to escape from the isolated browser software environment.
The vulnerability of Google Chrome is related to errors in handling the lifecycle of HTML elements. Exploiting this vulnerability can allow a remote attacker to escape the isolated browser software environment...
CVE-2018-18492: Mozilla Firefox Select Element Use-After-Free
Firefox is a free and open-source web browser developed by the Mozilla Foundation. A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection, which gets garbage collected, and results in a potentially...
Mozilla: Use-after-free with select element
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.4, Firefox ESR 60.4, and Firefox 64...
Code injection
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu...
CVE-2016-2822
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu...
Mozilla: Addressbar spoofing though the SELECT element (MFSA 2016-52)
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu...
Addressbar spoofing though the SELECT element — Mozilla
Security researcher Jordi Chancel reported a method to spoof the contents of the addressbar. This uses a persistent menu within a element, which acts as a container for HTML content and can be placed in an arbitrary location. When placed over the addressbar, this can mask the true site URL,...
SuSE Update for Mozilla Suite openSUSE-SU-2013:1633-1 (Mozilla Suite)
Check for the Version of Mozilla Suite OpenVAS Vulnerability Test $Id: gbsuse201316331.nasl 8045 2017-12-08 08:39:37Z santu $ SuSE Update for Mozilla Suite openSUSE-SU-2013:1633-1 Mozilla Suite Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH,...
Firefox < 25.0 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox is earlier than 25.0 and is, therefore, potentially affected by multiple vulnerabilities : - The implementation of Network Security Services NSS does not ensure that data structures are initialized, which could result in a denial of service or disclosure of...
CVE-2013-5593
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct...
CVE-2013-5593
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct...
CVE-2013-5593
The CVE-2013-5593 issue affects Mozilla Firefox (and related Mozilla products) where the SELECT element’s handling of HTML in dropdowns did not properly restrict content, allowing remote attackers to spoof the address bar or perform clickjacking via navigation-redirect vectors. Affected products/...
Spoofing addressbar though SELECT element — Mozilla
Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks...
CVE-2013-5593
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct...
FreeBSD : mozilla -- multiple vulnerabilities (7dfed67b-20aa-11e3-b8d8-0025905a4771)
The Mozilla Project reports : MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-8...
CVE-2013-1724
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via vectors...
CVE-2013-1724
CVE-2013-1724 is a use-after-free in Mozilla Firefox (and related Mozilla products) where mozilla::dom::HTMLFormElement::IsDefaultSubmitElement can be triggered by a destroyed SELECT element. Affected software includes Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21. The v...
CVE-2013-1724
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via vectors...