Lucene search
K

21 matches found

Debian CVE
Debian CVE
added 2021/08/05 7:46 p.m.22 views

CVE-2021-29975

Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain with the new domain correctly shown in the address bar resulting in possible user confusion. This vulnerability affects Firefox ...

6.5CVSS8.1AI score0.00965EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2021/07/15 12:0 a.m.19 views

CVE-2021-29975

Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain with the new domain correctly shown in the address bar resulting in possible user confusion. This vulnerability affects Firefox ...

6.5CVSS6.8AI score0.00965EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2021/07/13 12:0 a.m.36 views

Mozilla Firefox < 90.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 90.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-28 advisory. - If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host -...

9.8CVSS7.4AI score0.03582EPSS
Exploits3References10
Veracode
Veracode
added 2019/05/02 6:10 a.m.24 views

Memory Corruption

Firefox is vulnerable to memory corruption attacks. This occurs during DOM manipulations of accessibility tree through script, the DOM tree can become out sync with the accessibility tree, crashing the application which results in denial of service...

9.8CVSS9.2AI score0.06681EPSS
Exploits3References17Affected Software2
NVD
NVD
added 2018/06/11 9:29 p.m.22 views

CVE-2017-5464

During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

9.8CVSS9.3AI score0.02567EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2017/02/02 4:38 a.m.5 views

Mozilla: Potential use-after-free during DOM manipulations (MFSA 2017-02)

A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...

9.8CVSS7.2AI score0.03208EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2017/01/27 12:0 a.m.44 views

Mozilla Firefox Security Advisories (MFSA2017-01, MFSA2017-02) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

9.8CVSS7.6AI score0.33199EPSS
Exploits22References1
Zero Day Initiative
Zero Day Initiative
added 2015/02/10 12:0 a.m.27 views

Microsoft Internet Explorer Type Confusion Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

2.6CVSS5.4AI score0.15525EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2013/06/27 12:0 a.m.29 views

Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS3.6AI score0.19345EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2013/06/27 12:0 a.m.23 views

Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

5.1CVSS2.7AI score0.19345EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2013/05/29 12:0 a.m.40 views

Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with the...

6.8CVSS3.1AI score0.38223EPSS
Exploits1References1
NVD
NVD
added 2011/03/03 8:0 p.m.20 views

CVE-2011-0116

Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to DO...

7.6CVSS7.4AI score0.03181EPSS
Exploits0References8
Prion
Prion
added 2011/03/03 8:0 p.m.20 views

Design/Logic Flaw

Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to DO...

7.6CVSS8AI score0.03181EPSS
Exploits0References8Affected Software1
UbuntuCve
UbuntuCve
added 2011/03/03 8:0 p.m.30 views

CVE-2011-0116

Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to DO...

7.6CVSS6.2AI score0.03181EPSS
Exploits0References2
Prion
Prion
added 2011/03/03 8:0 p.m.20 views

Memory corruption

The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a...

7.6CVSS8AI score0.03181EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2011/03/03 7:0 p.m.31 views

CVE-2011-0115

The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a...

9.4AI score0.03181EPSS
Exploits0References7
securityvulns
securityvulns
added 2011/03/03 12:0 a.m.59 views

ZDI-11-097: Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability

ZDI-11-097: Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-097 March 2, 2011 -- CVE ID: CVE-2011-0116 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple WebKit --...

7.6CVSS0.6AI score0.03181EPSS
Exploits0
NVD
NVD
added 2010/07/08 12:54 p.m.19 views

CVE-2010-2661

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations...

4.3CVSS7.4AI score0.02272EPSS
Exploits0References9
Cvelist
Cvelist
added 2010/07/07 6:0 p.m.25 views

CVE-2010-2661

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations...

7.4AI score0.02272EPSS
Exploits0References9
CVE
CVE
added 2010/07/07 6:0 p.m.52 views

CVE-2010-2661

Opera before 10.54 (Windows/Mac) and before 10.60 (Unix) does not properly restrict access to the full pathname of a file selected for upload, potentially exposing sensitive information via DOM manipulations. Affected components/versions include the described Opera releases; CVE-2010-2661 is the ...

4.3CVSS7.3AI score0.02272EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder