Google Chrome List Item Marker Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

Mozilla Firefox ESR < 45.9

The version of Firefox ESR installed on the remote Windows host is prior to 45.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-11 advisory. - Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. CVE-2017-5469 - A...

Mozilla Firefox ESR < 52.1

The version of Firefox ESR installed on the remote Windows host is prior to 52.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-12 advisory. - Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. CVE-2017-5469 - A...

Mozilla Firefox ESR 45.x < 45.9 Multiple Vulnerabilities (macOS)

The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is 45.x prior to 45.9. It is, therefore, affected by the following vulnerabilities : - Multiple buffer overflow conditions exist in the FLEX generated code due to improper validation of certain input. An...

Chrome Universal XSS through adopting image elements (CVE-2016-1667)

VULNERABILITY DETAILS When a node is being adopted, the tree scope adopter calls |didMoveToNewDocument| on each rescoped node in the tree. The 同理 ， iframe 、 js也采用类似的处理流程 implementation of |didMoveToNewDocument| calls the corresponding method on the related loader, which clears and stops observing...

Mozilla: Use-after-free in SMIL animation functions (MFSA 2017-11, MFSA 2017-12)

A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox E...

The vulnerability of Microsoft Edge browser allows a hacker to bypass existing access restrictions policies.

The vulnerability of Microsoft Edge is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to bypass existing policies that restrict access to HTML elements in other browser windows...

CVE-2017-0135

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140...

CVE-2017-0140

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135...

CVE-2017-0066

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140...

Microsoft Edge Security Bypass Vulnerability (CNVD-2017-03534)

Microsoft Edge is a web browser developed by Microsoft USA and is the default browser that comes with the Windows 10 operating system. A security bypass vulnerability exists in Microsoft Edge. An attacker can exploit the vulnerability to trick users into loading malicious web pages to manipulate...

DEBIAN-CVE-2017-6386

Memory leak in the vrendcreatevertexelementsstate function in vrendrenderer.c in virglrenderer allows local guest OS users to cause a denial of service host memory consumption via a large number of VIRGLOBJECTVERTEXELEMENTS commands...

UBUNTU-CVE-2017-5994

Heap-based buffer overflow in the vrendcreatevertexelementsstate function in vrendrenderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service out-of-bounds array access and crash via the numelements parameter...

DEBIAN-CVE-2017-5994

Heap-based buffer overflow in the vrendcreatevertexelementsstate function in vrendrenderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service out-of-bounds array access and crash via the numelements parameter...

UBUNTU-CVE-2017-6386

Memory leak in the vrendcreatevertexelementsstate function in vrendrenderer.c in virglrenderer allows local guest OS users to cause a denial of service host memory consumption via a large number of VIRGLOBJECTVERTEXELEMENTS commands...

The vulnerability of Google Chrome browser allows a hacker to access certain elements of the user interface.

The vulnerability of the Blink component in Google Chrome relates to the inability to prevent certain user interface elements from being displayed on invisible pages. Exploiting this vulnerability allows a malicious actor to view certain unregulated user interface elements using a specially craft...

Events and disabled form fields

I've been working on the web since I was a small child all the way through to the haggard old man I am to day. However, the web still continues to surprise me. Turns out, mouse events don't fire when the pointer is over disabled form elements, except in Firefox. Serious? Serious. Give it a go. Mo...

CVE-2017-5016

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page...

Design/Logic Flaw

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page...

CVE-2017-5016

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page...