CVE-2025-15032

Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site...

CVE-2025-15032

Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site...

CVE-2025-15032

Dia for macOS before 1.9.0 is vulnerable to spoofing of the window title due to a missing about:blank indicator in custom-sized new windows. The root cause is the absence of a visual cue (about:blank indicator) that can mislead users about the current site. Affected product: Dia (macOS). Impact: ...

CVE-2025-15032

Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site...

CVE-2025-15032 CVE-2025-15032: Increased Spoofing risk; custom new window missing about:blank

Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site...

Dia security vulnerabilities

Dia is an AI-driven smart browser developed by Dia Company. Versions of Dia prior to 1.9.0 contained a security vulnerability. This vulnerability stemmed from the absence of the about:blank indicator in new windows with custom sizes, which could allow attackers to deceive trusted domains and...

PT-2026-3271

Name of the Vulnerable Software and Affected Versions Dia versions prior to 1.9.0 Description A flaw exists in Dia that, on macOS, could allow an attacker to spoof a trusted domain in the window title of custom-sized new windows. This could mislead users about the current site due to a missing...

EUVD-2007-1001

Malware in sbrugna...

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115.

...

Linux Distros Unpatched Vulnerability : CVE-2020-15664

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would...

Local Frames: Exploiting Inherited Origins to Bypass Content Blockers

We present a study of how local frames i.e., iframes with non-URL sources like "about:blank" are mishandled by a wide range of popular Web security and privacy tools. As a result, users of these tools remain vulnerable to the very attack techniques they seek to protect against, including browser...

SUSE CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

UBUNTU-CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that originates from the use of an iframe with an 'about:blank' source to store data in local memory, which can be exploited by an...

CVE-2022-44875

KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code...

PT-2023-14564 · Kioware · Kioware

Name of the Vulnerable Software and Affected Versions: KioWare versions through 8.33 Description: The issue allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code because KioWare sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin. Recommendations: Fo...

SUSE CVE-2007-3089

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME 1 during the load stage or 2 in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

SUSE CVE-2007-3844

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting XSS attacks with chrome privileges via an addon that inserts a 1 javascript: or 2 data: link into an about:blank document loaded by chrome via a the...

SUSE CVE-2010-1206

The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is...