CVE-2010-3262

Cross-site scripting XSS vulnerability in Flock Browser 3.x before 3.0.0.4114 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed...

CVE-2010-3262

The CVE-2010-3262 affects Flock Browser 3.x prior to 3.0.0.4114, where a crafted RSS feed can trigger a cross-site scripting (XSS) vulnerability. The issue is a client-side XSS in the RSS feed handling, allowing arbitrary script or HTML execution when the feed is viewed. Public sources consistent...

[FLOCK-SA-2010-03] Flock Browser: javascript: url with a leading NULL byte can bypass cross origin protection (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FLOCK-SA-2010-03 http://flock.com/security/ Title: javascript: url with a leading NULL byte can bypass cross origin protection XSS Impact: High Announced on: 2010-09-09 Affected Products: Flock 3 versions prior to 3.0.0.4112 CVEs cve.mitre.org:...

[FLOCK-SA-2010-02] Flock Browser: A malicious RSS feed can bypass cross origin protection (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FLOCK-SA-2010-02 http://flock.com/security/ Title: A malicious RSS feed can bypass cross origin protection XSS Impact: High Announced on: 2010-09-09 Affected Products: Flock 3 versions prior to 3.0.0.4114 CVEs cve.mitre.org: CVE-2010-3262 Details: A...

[FLOCK-SA-2010-01] Flock Browser: A malformed favourite can bypass cross origin protection (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FLOCK-SA-2010-01 http://flock.com/security/ Title: A malformed favourite can bypass cross origin protection XSS Impact: Moderate Announced on: 2010-09-09 Affected Products: Flock 3 versions prior to 3.0.0.4094 CVEs cve.mitre.org: CVE-2010-3202 Details...

Flock browser crossite scripting

Multiple crossite scripting vulnerabilities...

[FLOCK-SA-2010-04] Flock Browser: window.open() Method Javascript Same-Origin Policy Violation (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FLOCK-SA-2010-04 http://flock.com/security/ Title: window.open Method Javascript Same-Origin Policy Violation XSS Impact: High Announced on: 2010-09-09 Affected Products: Flock 3 versions prior to 3.0.0.4094 CVEs cve.mitre.org: CVE-2010-0661 Details:...

CVE-2010-3202

Cross-site scripting XSS vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark...

Cross site scripting

Cross-site scripting XSS vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark...

CVE-2010-3202

CVE-2010-3202 : Flock Browser 3.x is vulnerable to a cross-site scripting (XSS) via a malformed bookmark. The issue allows an attacker to inject arbitrary script/HTML through a crafted bookmark, with the base CVSS v2 score of 4.3 (Medium) and no authentication required. The reported vector is AV:...

CVE-2010-3202

Cross-site scripting XSS vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark...

Flock Browser 3.0.0.3989 Malformed Bookmark Cross Site Scripting

Flock Browser 3.0.0.3989 Malformed Bookmark XSS Vendor URL: http://beta.flock.com/ Advisore: http://lostmon.blogspot.com/2010/08/flock-browser-3003989-malformed.html Vendor notify:NO exploits availables:YES Flock is faster, simpler, and more friendly. Literally. It's the only sleek, modern web...

Flock Browser 3.0.0 - Malformed Bookmark HTML Injection

source: https://www.securityfocus.com/bid/42556/info Flock Browser is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browse...

Flock Browser 3.0.0 - Malformed Bookmark HTML Injection

Flock Browser 3.0.0 - Malformed Bookmark HTML Injection source: https://www.securityfocus.com/bid/42556/info Flock Browser is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and...

Flock Web Browser 2.5.6 Denial Of Service

====================================================================== Flock web browser v2.5.6 Remote Memory Corrupt Crash Exploit ====================================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /...

Cross site scripting

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting...

CVE-2010-1236

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting...

CVE-2010-1236

CVE-2010-1236 affects WebKit’s WebCore component (protocolIs in platform/KURLGoogle.cpp). The issue is improper handling of leading whitespace in a URL, enabling cross-site scripting via crafted javascript: URLs. Affects Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112. T...

CVE-2010-1236

Removed by vendor...

Netscape Navigator - Namoroka - Flock <= URL Code Execution Exploit

Exploit for unknown platform in category remote exploits =================================================================== Netscape Navigator - Namoroka - Flock firelinking By eidelweiss var pf = navigator.platform.toLowerCase; if pf.indexOf"win" != -1 var os = "win"; else if pf.indexOf"linux" ...