Word Attachment Delivers FormBook Malware, No Macros Required

A new wave of document attacks targeting inboxes do not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware. Researchers at Menlo Security are reporting a wave of attacks that began last month that are targeting financial and...

Microsoft Internet Explorer 5/6 Cross-Domain Event Leakage Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9761/info Microsoft Internet Explorer is reported to be prone to an issue that may leak sensitive information across foreign domains. This issue could permit framesets in different domains to leak various events, includin...

opera (important)

opera 11.11 fixes a security vulnerability. Citing http://www.opera.com/support/kb/view/992/: Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a memory corruption. To inject code, additional...

Design/Logic Flaw

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue...

CVE-2009-3630

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue...

security flaw

A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by...