5713 matches found
CVE-2010-0654
CVE-2010-0654 affects the Mozilla family: Firefox 3.5.x up to 3.5.10 and 3.6.x up to 3.6.6, Thunderbird 3.0.x up to 3.0.5 and 3.1.x up to 3.1.0, and SeaMonkey before 2.0.6. The root cause is cross-origin loading of CSS stylesheets when the stylesheet download has an incorrect MIME type and the styles...
CVE-2010-0654
Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which...
CVE-2010-0651
WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive...
Microsoft Internet Explorer CSS Import Use-After-Free Code Execution (MS11-003; CVE-2004-0842; CVE-2010-3971)
Microsoft Internet Explorer is a popular web browser provided by Microsoft Corporation. Its web engine is also incorporated into other Microsoft products including Outlook. The product supports Cascading Style Sheets. A vulnerability exists in the way Microsoft Internet Explorer renders web pages...
firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14)
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to...
Microsoft Outlook Web Access Cross-Site Scripting (MS05-029; CVE-2005-0563)
Microsoft Outlook Web Access (OWA) is a component of Microsoft Exchange Server. OWA allows authorized users to send and receive email, manage a calendar, and perform other functions using a web browser. OWA utilizes HTML, CSS and scripting techniques to present the user interface through the web...
[SECURITY] Fedora 11 Update: roundcubemail-0.3.1-2.fc11
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[SECURITY] Fedora 12 Update: roundcubemail-0.3.1-2.fc12
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
DSA-1988-1 qt4-x11 - several vulnerabilities
Bulletin has no description...
IE6 CSS setting denial-of-service vulnerability
No description provided by source. style type="text/css" !-- The problem is that an error occurs when the style is set in the CSS. The CSS defines f:expressionthis.src='about:blank',this.outerHTML=''; the problem is probably in mshtml.dll -- /!CDATA/ iframe f:expressionthis.src='about:blank',this.outerHTML=''; f126v:expression !important // /style iframe id=f126 src=test...
Mozilla IFRAME Style Change Handling Code Execution (CVE-2008-1236)
Firefox is an open source web browser developed by Mozilla Foundation. The application is capable of interpreting and rendering many types of Internet content, including various versions of HTML, XML, CSS (Cascading Style Sheets), JavaScript, various graphic formats, and so on. Firefox is made availab...
Cross-domain data theft with CSS load
CSS can be loaded cross-domain, and in some cases it is possible to read the data pointed to, leading to the possibility of cross-domain data theft...
CentOS 5 : kdelibs (CESA-2009:1127)
Updated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw...
LineWeb Local File Inclusion / SQL Injection
LineWeb is a web app for managing private servers for Lineage 2, a well-known MMORPG. It allows actions such as: Main Features: - Register - Login - Quick Login Function - Quick statistics function (server status, game server status, online players) - Statistics login server status, game server...
Microsoft Internet Explorer 8 - CSS 'expression' Remote Denial of Service
source: https://www.securityfocus.com/bid/40487/info Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successfully exploiting this issue will cause the applicati...
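Microsoft IE CSS Race Condition Remote Code Execution Vulnerability (MS09-072)
BUGTRAQ ID: 37212 CVE ID: CVE-2009-3673 Internet Explorer is the web browser bundled by default with the Windows operating system. Rapidly and repeatedly clicking to switch between two CSS elements may trigger a race condition that results in a dangling pointer being used, which can be further exploited via heap spray. An attacker can exploit this vulnerability by constructing a specially crafted web page; when a user views the page, the vulnerability may allow remote code execution. An attacker who successfully exploits this vulnerability can gain the same user rights as the logged-on user. Microsoft Internet Explorer 8.0 Microsoft Internet Explorer 7.0 Temporary workaround: Set Internet...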
Apple Safari 'CSS' Buffer Overflow Vulnerability (Dec 2009) - Windows
Apple Safari Web Browser is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Microsoft Internet Explorer CSS Race Condition Code Execution Vulnerability
This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during a race condition...
10 ways of planting web Trojans ("hanging horse") - vulnerability warning - the black bar safety net
1: Iframe-based Trojan planting: iframe src=address width=0 height=0/iframe 2: JS-file-based Trojan planting: first, save the following code, document.write"iframe width='0' height='0' src='address'/iframe";, as xxx.js; the code that then loads the JS is script language=javascript src=xxx.js/script 3: js...