CVE-2010-3971

CVE-2010-3971 stems from a use-after-free in the mshtml.dll CSS parser (CSharedStyleSheet::Notify) when encountering a recursive CSS @import. The vulnerability affects Internet Explorer versions that used mshtml (notably IE6–IE8) and can allow remote code execution or a crash via memory corruptio...

Internet Explorer 8 CSS Parser Exploit

No description provided by source. !/usr/bin/env ruby Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/ Author: Nephi Johnson d0cs4vage require 'socket' def httpsendsock, data, opts= defaults = :code="200", :message="OK", :type="text/html" opts = defaults.mergeopts code...

Internet Explorer 8 CSS Parser Exploit

!/usr/bin/env ruby Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/ Author: Nephi Johnson d0cs4vage require 'socket' def httpsendsock, data, opts= defaults = :code="200", :message="OK", :type="text/html" opts = defaults.mergeopts code = opts:code message = opts:message...

Microsoft Internet Explorer 8 - CSS Parser

Microsoft Internet Explorer 8 - CSS Parser !/usr/bin/env ruby Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/ Author: Nephi Johnson d0cs4vage require 'socket' def httpsendsock, data, opts= defaults = :code="200", :message="OK", :type="text/html" opts =...

Microsoft Internet Explorer 8 - CSS Parser

!/usr/bin/env ruby Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/ Author: Nephi Johnson d0cs4vage require 'socket' def httpsendsock, data, opts= defaults = :code="200", :message="OK", :type="text/html" opts = defaults.mergeopts code = opts:code message = opts:message...

Internet Explorer 8 CSS Parser Exploit

Exploit for windows platform in category remote exploits ====================================== Internet Explorer 8 CSS Parser Exploit ====================================== !/usr/bin/env ruby Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/ Author: Nephi Johnson...

Internet Explorer 8 CSS Parser Denial of Service

Exploit for windows platform in category dos / poc ================================================ Internet Explorer 8 CSS Parser Denial of Service ================================================ color:red; @import url"css.css"; @import url"css.css"; @import url"css.css"; @import url"css.css";...

Microsoft Internet Explorer 8 - CSS Parser Denial of Service

color:red; @import url"css.css"; @import url"css.css"; @import url"css.css"; @import url"css.css"; Exploit-DB Notes: Original credit goes to an unidentified researcher using WooYun anonymous account "路人甲". WooYun is a connection platform for vendors and security researchers:...

Microsoft Internet Explorer 8 - CSS Parser Denial of Service

Microsoft Internet Explorer 8 - CSS Parser Denial of Service color:red; @import url"css.css"; @import url"css.css"; @import url"css.css"; @import url"css.css"; Exploit-DB Notes: Original credit goes to an unidentified researcher using WooYun anonymous account "路人甲". WooYun is a connection platfor...

CentOS 5 : kdelibs (CESA-2009:1127)

Updated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment KDE. A flaw...

SuSE 10 Security Update : Epiphany (ZYPP Patch Number 5889)

The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : - Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute...

SuSE9 Security Update : Epiphany (YOU Patch Number 12326)

The Mozilla Browser received backports for security problems in 1.8.1.14. The following security issues were fixed : - Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)

The Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content...

openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-383)

The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used t...

openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-382)

The Mozilla XULRunner engine was updated to version 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin...

openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-383)

The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used t...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)

The Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content...

RedHat Security Advisory RHSA-2009:1127

The remote host is missing updates announced in advisory RHSA-2009:1127. The kdelibs packages provide libraries for the K Desktop Environment KDE. A flaw was found in the way the KDE CSS parser handled content for the CSS style attribute. A remote attacker could create a specially-crafted CSS...

RedHat Security Advisory RHSA-2009:1128

The remote host is missing updates announced in advisory RHSA-2009:1128. The kdelibs packages provide libraries for the K Desktop Environment KDE. A flaw was found in the way the KDE CSS parser handled content for the CSS style attribute. A remote attacker could create a specially-crafted CSS...

kdelibs security update

CentOS Errata and Security Advisory CESA-2009:1127 Updated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide...