17 matches found
EUVD-2009-2960
Malware in sbrugna...
CVE-2007-5896
Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service CPU consumption and crash via an iframe with Javascript that sets the document.location to contain a leading NULL byte \x00 and a 1 res://, 2 about:config, or 3 file:/// URI...
CVE-2014-1713
Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have...
CVE-2014-1713
Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have...
CVE-2014-1713
Removed by vendor...
CVE-2014-1713
CVE-2014-1713 is a use-after-free in the AttributeSetter function of bindings/templates/attributes.cpp within Blink used by Google Chrome. The flaw affects Chrome prior to 33.0.1750.152 on OS X/Linux and prior to 33.0.1750.154 on Windows, allowing a remote attacker to cause a denial of service or...
Mozilla Firefox 'document.location' Denial Of Service Vulnerability
Firefox browser on Windows XP is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Stack overflow
Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service browser crash or execute arbitrary code via a long Document.Location property value...
CVE-2008-7103
Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service browser crash or execute arbitrary code via a long Document.Location property value...
Design/Logic Flaw
Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cau...
CVE-2009-2974
Removed by vendor...
CVE-2009-2975
Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cau...
CVE-2009-1413
Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context o...
CVE-2009-1412
Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that...
CVE-2007-5896
Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service CPU consumption and crash via an iframe with Javascript that sets the document.location to contain a leading NULL byte \x00 and a 1 res://, 2 about:config, or 3 file:/// URI...
Design/Logic Flaw
Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service application crash via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location...
XSS flaw in MG2 Image Gallery (v.0.5.1)
Users can inject XSS into the form field "Name", when adding a comment on a picture. This will lead to the execution of XSS code. Simple scripting like scriptalert'hello'/script , and more advanced document.location, and document.cookie works. This has been tested on version 0.5.1. Other versions...