CVE-2010-2454

Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206...

CVE-2010-2454

Removed by vendor...

CVE-2010-0183

Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus...

CVE-2010-0183

Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus...

Design/Logic Flaw

Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus...

CVE-2010-0183

CVE-2010-0183 is a use-after-free in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5. The issue is in nsCycleCollector::MarkRoots and is triggered by crafting an HTML document via improper frame construction for menus, allowing remote code execution. Affected products include Firef...

CVE-2010-0183

Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus...

Content-Disposition: attachment ignored if Content-Type: multipart also present

Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting XSS...

Design/Logic Flaw

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document...

CVE-2010-1407

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document...

CVE-2010-1407

CVE-2010-1407 affects WebKit in Apple iOS prior to version 4, where history.replaceState implemented with IFRAME handling could allow a remote attacker to obtain sensitive information via a crafted HTML document. The NVD entry assigns a CVSS v2 base score of 4.3 (Medium) with network attack vecto...

CVE-2010-1757

CVE-2010-1757: WebKit in Apple iOS before 4 on the iPhone/iPod touch does not enforce boundary restrictions on IFRAME content, allowing remote UI spoofing via a crafted HTML document. The available documents identify affected software and impact but do not provide exploitation details or explicit...

CVE-2010-1407

Removed by vendor...

Design/Logic Flaw

WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted HTML document, a...

CVE-2010-1769

WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted HTML document, a...

CVE-2010-1769

WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted HTML document, a...

CVE-2010-1769

Removed by vendor...

CVE-2010-2295

page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE:...

CVE-2010-2297

rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table...

CVE-2010-2297

rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table...