Lucene search
K

66 matches found

Packet Storm
Packet Storm
added 2017/11/22 12:0 a.m.59 views

WebKit WebCore::DocumentLoader::frameLoader Use-After-Free

WebKit: use-after-free in WebCore::DocumentLoader::frameLoader CVE-2017-13794 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= function go iframe.name...

7AI score0.06712EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/11/22 12:0 a.m.38 views

WebKit - 'WebCore::DocumentLoader::frameLoader' Use-After-Free

function go iframe.name = "foo"; var form = document.createElement"form"; iframe.src = "data:text/html,foo"; form.submit; window.onbeforeunload = f; function f document.head.appendChilddel; ::get /Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x8664+0x45a...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/06/21 4:36 a.m.5 views

Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...

9.8CVSS7.3AI score0.02665EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2017/06/14 3:31 p.m.43 views

Mozilla Fixes 32 Vulnerabilities in Firefox 54

Mozilla fixed 32 vulnerabilities, including a critical bug that could have resulted in a crash, with the release Tuesday of Firefox 54, the latest version of its flagship browser. The critical bug, a use-after-free vulnerability, was dug up by longtime bug hunter Nils. The vulnerability...

7.5CVSS0.8AI score0.02665EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2017/06/14 7:51 a.m.7 views

Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...

9.8CVSS7.3AI score0.02665EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2017/06/14 12:0 a.m.21 views

CVE-2017-5472

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...

9.8CVSS7.1AI score0.02665EPSS
Exploits0References4
OSV
OSV
added 2017/06/14 12:0 a.m.5 views

UBUNTU-CVE-2017-5472

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...

9.8CVSS7.2AI score0.02665EPSS
Exploits0References5
seebug.org
seebug.org
added 2017/06/06 12:0 a.m.64 views

WebKit: UXSS via CachedFrameBase::restore

This is similar to the case https://bugs.chromium.org/p/project-zero/issues/detail?id=1151. But this time, javascript handlers may be fired in FrameLoader::open. void FrameLoader::openCachedFrameBase& cachedFrame ... cleardocument, true, true, cachedFrame.isMainFrame; Click anywhere... function...

6.9AI score
Exploits0
0day.today
0day.today
added 2017/06/01 12:0 a.m.23 views

WebKit CachedFrameBase::restore Universal Cross Site Scripting Vulnerability

Exploit for multiple platform in category web applications WebKit: UXSS via CachedFrameBase::restore This is similar to the case https://bugs.chromium.org/p/project-zero/issues/detail?id=1151. But this time, javascript handlers may be fired in FrameLoader::open. void...

Exploits0
Packet Storm
Packet Storm
added 2017/06/01 12:0 a.m.46 views

WebKit CachedFrameBase::restore Universal Cross Site Scripting

WebKit: UXSS via CachedFrameBase::restore This is similar to the case https://bugs.chromium.org/p/project-zero/issues/detail?id=1151. But this time, javascript handlers may be fired in FrameLoader::open. void FrameLoader::openCachedFrameBase& cachedFrame ... cleardocument, true, true,...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2017/06/01 12:0 a.m.11 views

WebKit - CachedFrameBase::restore Universal Cross-Site Scripting

WebKit - CachedFrameBase::restore Universal Cross-Site Scripting Click anywhere... function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; function navigatew, url let a = w.document.createElement'a'; a.href = url; a.click; window.onclick = = window.w =...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/01 12:0 a.m.48 views

WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting

Click anywhere... function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; function navigatew, url let a = w.document.createElement'a'; a.href = url; a.click; window.onclick = = window.w = open'about:blank', 'w', 'width=500, height=500'; let i0 =...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2017/05/25 12:0 a.m.41 views

WebKit FrameLoader::clear Variable Theft

WebKit: Stealing variables via page navigation in FrameLoader::clear CVE-2017-2515 void FrameLoader::clearDocument newDocument, bool clearWindowProperties, bool clearScriptObjects, bool clearFrameView mframe.editor.clear; if !mneedsClear return; mneedsClear = false; if...

0.4AI score0.04683EPSS
Exploits2
exploitpack
exploitpack
added 2017/05/25 12:0 a.m.14 views

WebKit - FrameLoader::clear Stealing Variables via Page Navigation

WebKit - FrameLoader::clear Stealing Variables via Page Navigation pageCacheState != Document::InPageCache ... mframe.document-prepareForDestruction; removeFocusedNodeOfSubtreemframe.document; ... mframe.setDocumentnullptr; domWindow; Click anywhere. function createURLdata, type = 'text/html'...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2017/04/21 12:0 a.m.78 views

Chrome Universal XSS via reentrancy in FrameLoader::startLoad (CVE-2016-1697)

VULNERABILITY DETAILS From /thirdparty/WebKit/Source/core/loader/FrameLoader.cpp: void FrameLoader::startLoad... ASSERTclient-hasWebView; if mframe-document-pageDismissalEventBeingDispatched != Document::NoDismissal return; ... mframe-document-cancelParsing;...

6.8CVSS8.5AI score0.01849EPSS
Exploits1
seebug.org
seebug.org
added 2017/04/21 12:0 a.m.28 views

Chrome Universal XSS via same document navigations (CVE-2016-1711)

VULNERABILITY DETAILS FrameLoader::loadInSameDocument is vulnerable to a problem similar to the one described in issue 613266: void FrameLoader::loadInSameDocumentconst KURL& url, ... ... // If we have a provisional request for a different document, a fragment scroll should cancel it...

6.8CVSS8.9AI score0.015EPSS
Exploits1
exploitpack
exploitpack
added 2017/02/24 12:0 a.m.27 views

Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass

Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass DOMWindow::openconst String& urlString, const AtomicString& frameName, const String& windowFeaturesString, DOMWindow& activeWindow, DOMWindow& firstWindow ... ---------------- 1 ----------------------- if...

7.4AI score
Exploits0
0day.today
0day.today
added 2017/02/24 12:0 a.m.57 views

Apple WebKit Pop-Up Blocker Bypass Exploit

AppleWebKit suffers from a bypass in the pop-up blocker via a cross-origin or sandboxed iframe. Apple WebKit: Bypass pop-up blocker via cross-origin or sandboxed iframe. CVE-2017-2371 The second argument of window.open is a name for the new window. If there's a frame that has same name, it will t...

4.3CVSS7.6AI score0.05719EPSS
Exploits2
exploitpack
exploitpack
added 2017/02/24 12:0 a.m.17 views

Apple WebKit 10.0.2 - FrameLoader::clear Universal Cross-Site Scripting

Apple WebKit 10.0.2 - FrameLoader::clear Universal Cross-Site Scripting domWindow; mframe.document-domWindow-resetUnlessSuspendedForDocumentSuspension; mframe.script.clearWindowShellnewDocument-domWindow, mframe.document-pageCacheState == Document::AboutToEnterPageCache; / Apple WebKit: UXSS via...

Exploits0
0day.today
0day.today
added 2017/02/24 12:0 a.m.55 views

Apple WebKit 10.0.2 - FrameLoader::clear Universal Cross-Site Scripting Exploit

Exploit for multiple platform in category web applications domWindow; mframe.document-domWindow-resetUnlessSuspendedForDocumentSuspension; mframe.script.clearWindowShellnewDocument-domWindow, mframe.document-pageCacheState == Document::AboutToEnterPageCache; / Apple WebKit: UXSS via...

4.3CVSS7.7AI score0.06961EPSS
Exploits3
Rows per page
Query Builder