48 matches found
CVE-2026-2787
Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
CVE-2026-2787
Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
CVE-2026-2787
Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
CVE-2026-2787
Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
CVE-2026-2787
CVE-2026-2787 is a use-after-free in the DOM: Window and Location component, with fixes in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. Connected sources corroborate the issue in Firefox-related components and list the affected products as Firefox/Th...
CVE-2026-2787 Use-after-free in the DOM: Window and Location component
Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
CVE-2026-2787 Use-after-free in the DOM: Window and Location component
Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Mozilla多款产品 资源管理错误漏洞
Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via improper handling of window.location inside client-side JavaScript templates. An attacker can redirect users to arbitrary external websites by crafting a malicious link and convincing a user to click it. Remediation...
EUVD-2010-0201
Malware in sbrugna...
EUVD-2018-0091
Malware in sbrugna...
SUSE CVE-2007-4224
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property...
SUSE CVE-2010-0170
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via vectors that are specific to each affected plugin...
SUSE CVE-2012-1956
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object aka window.location, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via vectors involving a...
SUSE CVE-2018-6834
static/js/padutils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href...
Mayan EDMS Cross-Site Scripting Vulnerability (CNVD-2019-09817)
Mayan EDMS is a document management system developed by software developer Roberto Rosario. The system supports electronic signatures, version control and optical character recognition. A cross-site scripting vulnerability exists in Mayan EDMS versions prior to 3.0.2. The vulnerability stems from...
PYSEC-2018-106
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS...
PYSEC-2018-16
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS...
Etherpad Lite Cross-Site Scripting Vulnerability
Etherpad Lite is the Etherpad Foundation's suite of open source rich text online collaboration software. A cross-site scripting vulnerability exists in the static/js/padutils.js file in Etherpad Lite versions prior to 1.6.3. A remote attacker can use window.location.href to inject arbitrary Web...
Google Chrome 8.0.552.237 - .replace DoS
No description provided by source. html head Exploit Title: Google Chrome v8.0.552.237 .replace DOS Date: January 30 2011 Author: Carlos Mario Penagos Hollmann Software Link: http://www.google.com/chrome Version: v8.0.552.237 Tested on: Windows xp sp3 ,windows 7 ,linux running on VMware Fusion 3....