25 matches found
EUVD-2016-2806
Malware in sbrugna...
EUVD-2014-1821
Malware in sbrugna...
CVE-2011-2353 (Design/Logic Flaw)
Use-after-free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in DocumentWriter::replaceDocument function...
chrome: UXSS in DocumentLoader::createWriterFor
Details: third_party/WebKit/Source/core/loader/DocumentLoader.cpp:735: PassRefPtrWillBeRawPtr<DocumentWriter> DocumentLoader::createWriterFor(const Document* ownerDocument, const DocumentInit& init, const AtomicString& mimeType, const AtomicString& encoding, bool dispatch, ParserSynchronizationPolicy...
WebKit: use-after-free in WebCore::DocumentLoader::frameLoader(CVE-2017-13794)
There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on an ASan build of WebKit nightly. ASan log: ================================================================= ==689==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000889c8 at pc 0x000114c94a...
WebKit WebCore::DocumentLoader::frameLoader Use-After-Free
WebKit: use-after-free in WebCore::DocumentLoader::frameLoader (CVE-2017-13794) There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on an ASan build of WebKit nightly. PoC: ================================================================= function go() { iframe.name...
WebKit - 'WebCore::DocumentLoader::frameLoader' Use-After-Free
function go() { iframe.name = "foo"; var form = document.createElement("form"); iframe.src = "data:text/html,foo"; form.submit(); window.onbeforeunload = f; function f() { document.head.appendChild(del); } ::get /Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x45a...
Chrome Universal XSS via the unload_event module (CVE-2015-6769)
VULNERABILITY DETAILS From /WebKit/Source/core/loader/DocumentLoader.cpp: PassRefPtrWillBeRawPtr<DocumentWriter> DocumentLoader::createWriterFor(const Document* ownerDocument, const DocumentInit& init, ... LocalFrame* frame = init.frame(); ASSERT(!frame->document() || !frame->document()->isActive()); ASSERT(frame->tree().childCount...
Ubuntu 14.04 LTS / 16.04 LTS : Oxide vulnerabilities (USN-3041-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3041-1 advisory. Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could...
CVE-2016-1711 (Design/Logic Flaw)
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-1697
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScrip...
CVE-2014-1747
Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."...
UBUNTU-CVE-2014-1747
Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."...