CVE-2011-0474

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 are affected by a flaw in handling CSS token sequences with cursors that can lead to a denial of service and possibly other impact via unknown vectors that produce a stale pointer. The provided documents identify the vulnerable sof...

CVE-2011-0473

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets CSS token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that le...

CVE-2011-0473

Removed by vendor...

CVE-2011-0473

CVE-2011-0473 affects Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344; vulnerability arises from improper handling of CSS token sequences with CANVAS elements, allowing remote denial of service or possibly other impact via unknown vectors that lead to a stale pointer. Root cause...

Microsoft Security Advisory 2488013

Microsoft Security Advisory 2488013 addresses a vulnerability in Internet Explorer. This advisory has been updated to include Microsoft Fix It 50591 that prevents the recursive loading of CSS style sheets in Internet Explorer as a mitigation for this vulnerability. Exploitation of this...

CVE-2011-0003

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors...

Code injection

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVE-2011-0003

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors...

mediawiki -- Clickjacking vulnerabilities

Clickjacking vulnerabilities: Clickjacking is a type of vulnerability discovered in 2008, which is similar to CSRF. The attack involves displaying the target webpage in a iframe embedded in a malicious website. Using CSS, the submit button of the form on the targeit webpage is made invisible, and...

Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability

This host has installed with Internet Explorer and is prone to Use-after-free Vulnerability. This NVT has been replaced by NVT secpodms11-003.nasl OID:1.3.6.1.4.1.25623.1.0.901180. OpenVAS Vulnerability Test $Id: secpodmsieuseafterfreedosvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ Microsoft...

Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability

This host has installed with Internet Explorer and is prone to a use after free vulnerability. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.901180. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced...

Google Chrome multiple vulnerabilities - Dec 10(Linux)

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulndec10lin.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - Dec 10Linux Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone Networks...

Google Chrome multiple vulnerabilities - Dec 10(Windows)

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulndec10win.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - Dec 10Windows Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone Networ...

Unpatched Flaw in IE Bypasses Key Windows Security Features

An exploit exploiting an unpatched vulnerability in Internet Explorer IE has gone public. Security researcher Shahin Ramezany announced in a Tuesday tweet that he successfully exploited the flaw, which involves how IE handles CSS style sheets on Windows 7 and Vista machines. Offensive Security, a...

Internet Explorer CSS Recursive Import Memory Corruption (CVE-2010-3971)

Microsoft Internet Explorer is the most widely used Internet browser. A memory corruption vulnerability has been reported in the way Microsoft Internet Explorer parses HTML pages that contain recursive CSS import. The vulnerability is due to the creation of uninitialized memory during a CSS...

Vulnerability In IE Lays Open Windows 7 and IE8

A french IT security firm is warning of a previously unknown “zero day” vulnerability that affects most versions of Microsoft’s Internet Explorer Web browser. The hole, if exploited, could allow remote attackers to circumvent defensive features in fully patched WIndows 7 and Windows Vista and run...

CVE-2010-3971

Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets CSS parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service application crash vi...

Immunity Canvas: MS11_003

Name| ms11003 ---|--- CVE| CVE-2010-3971 Exploit Pack| CANVAS Description| IE7 recursive import css vulnerability Notes| CVE Name: CVE-2010-3971 MSADV: MS11-003 Repeatability: Infinite...

CVE-2010-3971

CVE-2010-3971 stems from a use-after-free in the mshtml.dll CSS parser (CSharedStyleSheet::Notify) when encountering a recursive CSS @import. The vulnerability affects Internet Explorer versions that used mshtml (notably IE6–IE8) and can allow remote code execution or a crash via memory corruptio...

Type confusion

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets CSS token sequences, which allows remote attackers ...