11 matches found
CVE-2026-34765
A flaw was found in Electron, a framework for building desktop applications. This vulnerability allows a malicious component within an Electron application to hijack an existing child window opened by another part of the application if both use the same window name. This could lead to the malicio...
CVE-2026-34774 Electron: Use-after-free in offscreen child window paint callback
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...
EUVD-2026-18947
Electron: Use-after-free in offscreen child window paint callback...
Use After Free
Overview: electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the offscreen rendering process when a parent WebContents is destroyed while a child window remains open...
Arbitrary File Read
electron is vulnerable to arbitrary file read. An attacker is able to read local files by defining unsafe window options on a child window that is opened using window.open...
Design/Logic Flaw
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling event.preventDefault on all new-window events where the url or options is not...
Arbitrary file read via window-open IPC in Electron
Impact: The vulnerability allows arbitrary local file read by defining unsafe window options on a child window opened via window.open. Workarounds: Ensure you are calling event.preventDefault on all new-window events where the url or options is not something you expect. Fixed Versions: 9.0.0-beta.21...
Microsoft Windows Child Window NULL Pointer Dereference Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
Phabricator: Window.opener protection Bypass
SUMMARY ======== If you create a post/comment with a link like http://x.com in Phabricator, then the server adds rel="noreferrer" to the anchor tag. So the child window doesn't have access to the parent window. But it can be bypassed with a URL like /\x.com/index.php and the child window can change the location property o...
PT-2012-2575 · Mozilla +2 · Thunderbird Esr +6
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 4.x through 10.0; Firefox ESR versions 10.x before 10.0.3; Thunderbird versions 5.0 through 10.0; Thunderbird ESR versions 10.x before 10.0.3; SeaMonkey version before 2.8. Description: The issue allows remote attackers to...
Microsoft Internet Explorer 5 - IFrame/Frame Cross-Site/Zone Script Execution
source: https://www.securityfocus.com/bid/5672/info When a Microsoft Internet Explorer MSIE window opens another window, security checks should prevent the parent from accessing the child if the latter is of another domain or Security Zone. It has been reported that such checks fail to occur...