744 matches found
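Google Chrome Stylesheet Redirect Information Disclosure Vulnerability
BUGTRAQ ID: 37917 CVE ID: CVE-2010-0315 Google Chrome is an open-source web browser released by Google. Chrome follows stylesheet redirects and allows the target URL to be read. By placing a site's URL in the HREF attribute of a stylesheet LINK element and then reading the document.styleSheets[0].href property value, an attacker can discover the redirect's target URL. Google Chrome 3.0.195.38 Vendor patch: Google ------ The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page to obtain the latest version: http://www.google.com...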
Apple Safari Multiple Vulnerabilities
This host is installed with Apple Safari Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbapplesafarimultvulnjan10.nasl 7174 2017-09-18 11:48:08Z asteins $ Apple Safari Multiple Vulnerabilities Authors: Antu Sanadi Copyright: Copyright (c) 2010 Greenbone...
Code injection
WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the...
CVE-2010-0314
Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value...
CVE-2010-0314
The connected SSV entry (SSV:19008) documents CVE-2010-0314 as a redirect-target disclosure in Apple Safari: if a site URL is placed in the HREF of a stylesheet LINK element, a user’s session can read document.styleSheets[0].href to reveal the redirect URL. It notes Safari 4.0.4 and describes the...
CVE-2010-0314
Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value...
CVE-2010-0314
Removed by vendor...
CVE-2010-0315
Removed by vendor...
SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 747)
The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : - Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still...
SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 6187)
The Mozilla Firefox Browser was refreshed to the current MOZILLA18 branch state around fix level 2.0.0.22. Security issues identified as being fixed are: MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-745)
The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : MFSA 2009-13 / CVE-2009-1044: Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method moveToEdgeShift was in some cases triggering garbage collection routines...
XSS in PDF screen
The "PDF Export Stylesheet" field is not encoded...
XSS in PDF screen
The "PDF Export Stylesheet" field is not encoded...
Design/Logic Flaw
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a...
CVE-2009-1699
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a...
CVE-2009-1699
The CVE-2009-1699 entry is confirmed in connected documents as a WebKit XXE vulnerability: qt4-x11 uses WebKit’s XSL stylesheet processing and does not properly handle XML external entities, enabling remote file disclosure via a crafted DTD (e.g., file:///… paths). Affected product/kit: Qt4-x11 w...
CVE-2009-1699
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a...
CVE-2009-1302
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2)...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6194)
The Mozilla Firefox Browser was refreshed to the current MOZILLA18 branch state around fix level 2.0.0.22. Security issues identified as being fixed are: MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in...
SUSE: Security Advisory for MozillaFirefox (SUSE-SA:2009:022)
The remote host is missing updates announced in advisory SUSE-SA:2009:022. Copyright (C) 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software...