5743 matches found
Path traversal
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...
Design/Logic Flaw
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...
Code injection
A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird 52.1, Firefox ESR 52.1, and Firefox 53...
CVE-2017-7847
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...
CVE-2017-5472
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...
CVE-2017-7847
Mozilla Thunderbird prior to 52.5.2 is affected by CVE-2017-7847 through crafted CSS in an RSS feed that can leak local path strings (potentially including user names). The underlying issue is leakage via RSS processing of CSS. Impact is information disclosure; exploitation details are not provid...
CVE-2017-5472
CVE-2017-5472 is a use-after-free in Mozilla's frameloader during CSS layout regeneration, leading to potential crash. Concrete details in connected docs show impact on Firefox versions <54, Firefox ESR <52.2, and Thunderbird
CVE-2017-5472
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...
CVE-2017-7847
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...
CVE-2017-5449
CVE-2017-5449 affects Mozilla Firefox (and Thunderbird) components where a crash can be triggered during layout/manipulation of bidirectional Unicode text in concert with CSS animations. Public records in connected advisories indicate affected versions: Thunderbird < 52.1, Firefox ESR < 52....
CVE-2017-5449
A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird 52.1, Firefox ESR 52.1, and Firefox 53...
Code injection
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote...
CVE-2018-4190
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote...
UBUNTU-CVE-2018-4190
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote...
CVE-2018-4190
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote...
chromium-browser: Leak of visited status of page in Blink
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
ecc-gulp-tasks (=2.4.3) potentially affected by CVE-2016-10548 via reduce-css-calc (=1.2.4)
reduce-css-calc NPM version =1.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on reduce-css-calc and may be impacted: ecc-gulp-tasks =2.4.3. Source CVEs: CVE-2016-10548. Source advisory: OSV:GHSA-4662-J96G-MV46...
GHSA-4662-J96G-MV46 Arbitrary Code Injection in reduce-css-calc
Affected versions of reduce-css-calc pass input directly to eval. If user input is passed into the calc function, this may result in cross-site scripting on the browser, or remote code execution on the server. Proof of Concept: const reduceCSSCalc = require('reduce-css-calc');...
Arbitrary Code Injection in reduce-css-calc
Affected versions of reduce-css-calc pass input directly to eval. If user input is passed into the calc function, this may result in cross-site scripting on the browser, or remote code execution on the server. Proof of Concept: const reduceCSSCalc = require('reduce-css-calc');...
CSS Keylogger - Chrome Extension And Express Server That Exploits Keylogging Abilities Of CSS
Chrome extension and Express server that exploits keylogging abilities of CSS. To use. Setup: Chrome extension. 1. Download repository: git clone https://github.com/maxchehab/CSS-Keylogging 2. Visit chrome://extensions in your browser or open up the Chrome menu by clicking the icon to the far right of...