6145 matches found
Firefox < 3.0.12 Multiple Vulnerabilities
The installed version of Firefox is earlier than 3.0.12. Such versions are potentially affected by the following security issues : - Multiple memory corruption vulnerabilities could potentially be exploited to execute arbitrary code. MFSA 2009-34 - It may be possible to crash the browser or...
CVE-2009-2483
libprop/propobject.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of service NULL pointer dereference and kernel panic via a malformed externalized plist XML form containing an undefined element...
kdegraphics: KSVG Pointer use-after-free error in the SVG animation element (DoS, ACE)
Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service heap corruption and application crash via an SVG animation element, related to SVG set objects, SVG...
Firefox 2 and 3 Layout engine crash
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service application crash and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree...
CVE-2009-2044
Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service application crash via a URI for a large GIF image in the BACKGROUND attribute of a BODY element...
CVE-2009-1694
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site...
CVE-2009-1694
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site...
Cross site scripting
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."...
CVE-2009-1693
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."...
CVE-2009-1694
CVE-2009-1694 affects WebKit in Apple Safari
CVE-2009-1712
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element...
Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript set element...
Mozilla Firefox 'keygen' HTML Tag DOS Vulnerability (Windows)
The host is installed with Mozilla Firefox browser and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: gbfirefoxkeygendosvulnwin.nasl 4865 2016-12-28 16:16:43Z teissa $ Mozilla Firefox 'keygen' HTML Tag DOS Vulnerability Windows Authors: Antu Sanadi Copyright: Copyrig...
Code injection
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service infinite loop, application hang, and memory consumption via a KEYGEN element in conjunction with 1 a META element specifying automatic page refresh or 2 a JavaScript onLoad event handler for a BODY element. NOTE: it was...
CVE-2009-1828
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service infinite loop, application hang, and memory consumption via a KEYGEN element in conjunction with 1 a META element specifying automatic page refresh or 2 a JavaScript onLoad event handler for a BODY element. NOTE: it was...
CVE-2009-1828
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service infinite loop, application hang, and memory consumption via a KEYGEN element in conjunction with 1 a META element specifying automatic page refresh or 2 a JavaScript onLoad event handler for a BODY element. NOTE: it was...
CVE-2009-1828
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service infinite loop, application hang, and memory consumption via a KEYGEN element in conjunction with 1 a META element specifying automatic page refresh or 2 a JavaScript onLoad event handler for a BODY element. NOTE: it was...
CVE-2009-1827
The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service application hang via a large value in the r aka Radius attribute of a circle element, related to an "unclamped loop."...
CVE-2009-1828
CVE-2009-1828 : Mozilla Firefox, version 3.0.10, is vulnerable to a remote DoS via a KEYGEN element when combined with (1) a META tag for automatic page refresh or (2) a BODY onLoad event. The description notes that earlier versions may also be affected. The provided documents do not include an e...
Design/Logic Flaw
Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a w...