Mozilla Foundation Security Advisory 2008-13

Mozilla Foundation Security Advisory 2008-13 Title: Multiple XSS vulnerabilities from character encoding Impact: Moderate Announced: March 25, 2008 Reporter: Alexey Proskuryakov, Yosuke Hasegawa, Simon Montagu Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 Thunderbird 2.0.0....

Multiple XSS vulnerabilities from character encoding — Mozilla

WebKit developer Alexey Proskuryakov reported that the Mozilla HTML parser treated the backspace character as whitespace contrary to the HTML specification and different from other browsers. This difference might lead to Cross-site Scripting XSS risks on sites which filtered input in accordance...

Ubuntu 4.10 : gaim vulnerabilities (USN-85-1)

The Gaim developers discovered that the HTML parser did not sufficiently validate its input. This allowed a remote attacker to crash the Gaim client by sending certain malformed HTML messages. CAN-2005-0208, CAN-2005-0473 Another lack of sufficient input validation was found in the 'Oscar' protoc...

USN-85-1: Gaim vulnerabilities

The Gaim developers discovered that the HTML parser did not sufficiently validate its input. This allowed a remote attacker to crash the Gaim client by sending certain malformed HTML messages. CAN-2005-0208, CAN-2005-0473 Another lack of sufficient input validation was found in the "Oscar" protoc...

CVE-2004-1312

The CVE-2004-1312 issue is a bug in a Microsoft HTML library used by third‑party products (notably GFI MailEssentials for Exchange and GFI MailSecurity for Exchange) that can cause remote denial of service when processing certain strings. Affected products include GFI MailEssentials (versions 9/1...

Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parser

CSIS Security Advisory: CSIS2005-1 Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parser Date Published: 3rd of January 2005 Product description: GFI MailEssentials for Exchange/SMTP offers spam protection and email management at server level. GFI MailEssentials offers a fast...

Microsoft HTML parser DoS

Invalid javascript handling causes application compiled with libarary fails...

O3Read 0.0.3 - HTML Parser Buffer Overflow

source: https://www.securityfocus.com/bid/12000/info o3read is prone to a buffer overflow vulnerability. This issue is exposed when the program parses HTML content during file format conversion. This issue is considered to be remote in nature since it is possible that files may originate from an...

O3Read 0.0.3 - HTML Parser Buffer Overflow

O3Read 0.0.3 - HTML Parser Buffer Overflow source: https://www.securityfocus.com/bid/12000/info o3read is prone to a buffer overflow vulnerability. This issue is exposed when the program parses HTML content during file format conversion. This issue is considered to be remote in nature since it is...

Cisco VPN 3000 Concentrator HTML Interface Long URL DoS (CSCdu15622)

The remote VPN concentrator has a vulnerability in its HTML parser processor. This vulnerability is documented as Cisco bug ID CSCdu15622. C Tenable Network Security, Inc. Thanks to Nicolas FISCHBACH [email protected] for his help Ref:...

CVE-2001-0130

The CVE-2001-0130 entry describes a buffer overflow in the HTML parser of Lotus Domino components: Lotus R5 Domino Server prior to 5.06 and Domino Client prior to 5.05. The overflow is triggered by a malformed font size specifier and can allow remote attackers to cause a denial of service and pot...

CVE-2001-0130

Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed font size specifier...

CVE-2001-0322

CVE-2001-0322 concerns MSHTML.DLL HTML parser in Internet Explorer 4.0 and newer, where a script that creates and deletes an object tied to the browser window object can trigger a denial of service (application crash). The vulnerability is described as remote, with impact limited to availability ...

CVE-2000-1187

CVE-2000-1187 involves a buffer overflow in the HTML parser of Netscape 4.75 and earlier. The vulnerability allows remote attackers to execute arbitrary commands by supplying a long password value in a form field. The available documents explicitly describe the affected component (HTML parser), t...

CVE-2000-1187

Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field...

CVE-2000-1187

Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field...