SUSE SLED15 / SLES15 Security Update : librsvg (SUSE-SU-2021:1310-1)

This update for librsvg fixes the following issues : librsvg was updated to 2.42.9 : - Update dependent crates that had security vulnerabilities: smallvec to 0.6.14 - RUSTSEC-2018-0003 - CVE-2018-20991 bsc1148293 -the bundled version of the cssparser crate now builds correctly on Rust 1.43...

SUSE-SU-2021:1310-1 Security update for librsvg

This update for librsvg fixes the following issues: - librsvg was updated to 2.42.9: Update dependent crates that had security vulnerabilities: smallvec to 0.6.14 - RUSTSEC-2018-0003 - CVE-2018-20991 bsc1148293 -the bundled version of the cssparser crate now builds correctly on Rust 1.43 bsc11815...

Microsoft Edge - CssParser::RecordProperty Type Confusion Exploit

Exploit for windows platform in category dos / poc function go window.addEventListener"DOMAttrModified", undefined; m.style.cssText = "clip-path: urlfoo;"; !-- ========================================= Preliminary analysis: The crash happens inside CAttrArray::PrivateFindInl. Rcx this pointer is...

Microsoft Edge: Type confusion in CssParser::RecordProperty(CVE-2017-8496)

Preliminary analysis: The crash happens inside CAttrArray::PrivateFindInl. Rcx this pointer is supposed to point to a CAttrArray but it actually pointa to a CAttribute. CAttrArray::PrivateFindInl is only going to perform reads and its return value is going to be discarded by the calling function...

Microsoft Edge CssParser::RecordProperty Type Confusion Exploit

Exploit for windows platform in category dos / poc Microsoft Edge: Type confusion in CssParser::RecordProperty CVE-2017-8496 There is a type confusion vulnerability in Microsoft Edge. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit OS version 1607, OS build 14393.1198 and...

Microsoft Edge CssParser::RecordProperty Type Confusion

Microsoft Edge: Type confusion in CssParser::RecordProperty CVE-2017-8496 There is a type confusion vulnerability in Microsoft Edge. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit OS version 1607, OS build 14393.1198 and Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML...

Microsoft Edge - 'CssParser::RecordProperty' Type Confusion

function go window.addEventListener"DOMAttrModified", undefined; m.style.cssText = "clip-path: urlfoo;"; !-- ========================================= Preliminary analysis: The crash happens inside CAttrArray::PrivateFindInl. Rcx this pointer is supposed to point to a CAttrArray but it actually...

Debian DSA-2188-1 : webkit - several vulnerabilities

Several vulnerabilities have been discovered in WebKit, a Web content engine library for GTK+. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-1783 WebKit does not properly handle dynamic modification of a text node, which allows remote attackers to...

CVE-2010-4577

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets CSS token sequences, which allows remote attackers ...

Type confusion

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets CSS token sequences, which allows remote attackers ...

CVE-2010-4577

Removed by vendor...

CVE-2010-4577

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets CSS token sequences, which allows remote attackers ...

CVE-2010-4577

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets CSS token sequences, which allows remote attackers ...

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5890)

The Mozilla Firefox browser was updated to version 2.0.0.19, fixing various security issues and stability problems. The following security issues were fixed : - Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content could be injected into an...