3825 matches found
CVE-2005-2266
Firefox before 1.0.5 and Mozilla before 1.7.9 allow a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords...
Fedora Core 4 2005-409: elinks
The remote host is missing the patch for the advisory FEDORA-2005-409 elinks. Links is a text-based Web browser. Links does not display any images, but it does support frames, tables and most other HTML tags. Links' advantage over graphical browsers is its speed--Links starts and exits quickly an...
opera -- "javascript:" URL cross-site scripting vulnerability
A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and to read local files. The vulnerability is caused due to Opera not properly restricting the privileges of "javascript:" URLs...
CVE-2005-0527
Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."...
security flaw
Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."...
CVE-2005-0527
CVE-2005-0527 affects Firefox 1.0 (Mozilla/Firefox family) where plugins can load privileged content into frames, enabling remote code execution as demonstrated by Firescrolling when a user drags a scrollbar twice. Connected advisories show this as part of broader Mozilla/XPCOM plugin access issu...
wpa_supplicant (WPA/WPA2 IEEE 802.11i support) buffer overflow
Buffer overflow in EAPOL-Key frame parsing...
wpa_supplicant: Buffer overflow vulnerability
Background: wpasupplicant is a WPA Supplicant with support for WPA and WPA2 IEEE 802.11i / RSN. Description: wpasupplicant contains a possible buffer overflow due to a lack of validation of received EAPOL-Key frames. Impact: An attacker could cause the crash of wpasupplicant using a specially...
CVE-2002-1187
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the or element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource...
Konqueror < 3.1.x Sub-Frames XSS
Binary data 1741.prm...
Cisco 6000/6500/7600 series systems fail to properly process layer 2 frames
Overview: Cisco 6000/6500/7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) fail to properly process layer 2 frames. Description: Cisco 6000/6500/7600 series systems with MSFC2 contain a vulnerability in the way layer 2 frames are processed in software. By sending a specially crafted...
Cisco link level frames DoS
A link-level frame whose size does not match the network layer size can cause the device to crash or hang...
Microsoft Internet Explorer does not adequately validate window ornament parameters in dialog frames
Overview: A vulnerability in the way Microsoft Internet Explorer (IE) handles window ornament parameters in dialog frames allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookie...
CVE-2002-1151
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains...
Microsoft Internet Explorer contains cross-site scripting vulnerabilities in local HTML resources
Overview: Microsoft Internet Explorer (IE) includes several local HTML resources that contain cross-site scripting vulnerabilities. These resources use the dialogArguments property of dialog frames insecurely, allowing an attacker to execute arbitrary script in the Local Machine Zone. Description...
Internet Explorer and Konqueror frames cross-site scripting
For sites with frames, it is possible to execute script by spoofing the location of one of the frames...
Clicky Web Pseudo-frames 1.0 - Remote File Inclusion
source: https://www.securityfocus.com/bid/4756/info Pseudo-frames is an application written in PHP and is maintained by Clicky Web. Pseudo-frames permits remote file inclusion. As a result, a remote attacker may include an arbitrary file located on a remote host. If this file is a PHP script, it...
CVE-1999-0801
CVE-1999-0801 affects BMC Patrol. The issue allows remote attackers to gain access to a Patrol agent by spoofing frames, as described in multiple contributor records. The connected documents confirm the vulnerability’s existence and describe the impact as unauthorized agent access via frame spoof...
PT-1999-1381 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Internet Explorer version 5.0. Description: The issue allows frame spoofing because the "Navigate sub-frames across different domains" option is enabled by default. Recommendations: For Internet Explorer version 5.0, disable the "Navigate...