16 matches found
GHSA-2V35-W6HQ-6MFW xmldom: Uncontrolled recursion in XML serialization leads to DoS
Summary Seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DOM tree causes a RangeError: Maximum call stack size exceeded, crashing the application. Reported operations: - Node.prototype.normalize — reported by @praveen-kv email 2026-04-05 and...
EUVD-2013-0806
Malware in sbrugna...
USN-1791-1: Thunderbird vulnerabilities
Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic and Joe Drew discovered multiple memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a...
Mozilla Firefox ESR Multiple Vulnerabilities -01 Apr13 (Mac OS X)
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxesrmultvuln01apr13macosx.nasl 6079 2017-05-08 09:03:33Z teissa $ Mozilla Firefox ESR Multiple Vulnerabilities -01 Apr13 Mac OS X Authors: Thanga Prakash S...
Mozilla Thunderbird Multiple Vulnerabilities -01 (Apr 2013) - Mac OS X
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code injection
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote...
Bypass of SOW protections allows cloning of protected nodes — Mozilla
Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code...
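Microsoft IE cloneNode Use-After-Free Remote Code Execution Vulnerability (MS12-063)
BUGTRAQ ID: 55647 CVE ID: CVE-2012-2557 Microsoft Internet Explorer is a web browser released by Microsoft and is very widely used. Microsoft Internet Explorer 6-8 contains a remote code execution vulnerability; by luring a user into viewing a specially crafted web page, an attacker can exploit this vulnerability to execute arbitrary code with the current user's privileges. 0 Microsoft Internet Explorer 8.x Microsoft Internet Explorer 7.x Microsoft Internet Explorer 6.x Vendor patch: Microsoft ---------...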
CVE-2012-2557
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."...
Design/Logic Flaw
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."...
CVE-2012-2557
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."...
CVE-2010-1176
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no...
Design/Logic Flaw
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no...
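Microsoft Internet Explorer cloneNode() and nodeValue() Remote Memory Corruption Vulnerability
Microsoft Internet Explorer is a popular web browser. Microsoft Internet Explorer has a memory corruption issue in its handling of the "cloneNode" and "nodeValue" functions, which a remote attacker can exploit to execute arbitrary instructions with the privileges of the application process. Because of incorrect use of the "cloneNode" and "nodeValue" JavaScript functions, using specially constructed elements during repeated calls to one of these functions can cause memory corruption, possibly allowing execution of arbitrary instructions with the privileges of the application process. Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 -...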
CVE-2007-3903
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory...
Microsoft Internet Explorer Node Manipulation Memory Corruption Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists due to improper use of the "cloneNode" and "nodeValu...