Use-after-free during HTML5 parsing — Mozilla

Security researcher SkyLined reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open. This leads to a potentially exploitable crash...

CVE-2007-3826

Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called...

CVE-2007-3826

Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called...

MSIE7 entrapment again (+ FF tidbit)

Hello again, Microsoft Internet Explorer seems to have a soft spot for browser entrapment vulnerabilities. Just to recap, in these attacks, the user is made believe he had left a webpage and the URL bar or SSL state data reinforce him in this belief - but in reality, is prevented from doing so, a...

Microsoft Internet Explorer does not properly handle document.open()

Overview Microsoft Internet Explorer contains a vulnerability in which a script from one source is permitted to access files on the client's file system. An attacker may be able to read cookies and other files on a target system, and spoof Internet sites by creating believable window titles...