75 matches found
CVE-2024-29203
TinyMCE contains a cross-site scripting (XSS) vulnerability in its content insertion code that can allow iframe elements to execute malicious scripts. The issue is mitigated by upgrading to TinyMCE v6.8.1 or newer; multiple advisories also note that patches and later versions (e.g., 7.0.0+) addre...
SUSE CVE-2010-1993
Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service resource consumption via an HTML document with many IFRAME elements...
Rocky Linux 8 : GNOME (RLSA-2021:4381)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4381 advisory. - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted...
The vulnerability of elements in iframe modules for web page rendering in WebKitGTK and WPE WebKit allows attackers to exploit it to compromise the integrity of web page data. This vulnerability is related to the lack of protection for the structure of web pages.
The vulnerability of elements in iframe modules for displaying web pages in WebKitGTK and WPE WebKit is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability can allow a malicious actor to compromise data integrity through malicious web content...
Cross site scripting
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...
CVE-2021-30744
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...
CVE-2021-30744
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...
CVE-2021-30744
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...
CVE-2019-8754
CVE-2019-8754 describes a cross-origin iframe issue in macOS components. The root cause is a cross-origin security origins tracking flaw that could allow a malicious HTML document to render iframes containing sensitive user information. Apple patched this in macOS Catalina 10.15.1 and Security Up...
CVE-2019-13075
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...
CVE-2018-4319
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
Cross site scripting
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
CVE-2018-4319
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
CVE-2018-4319
CVE-2018-4319 describes a cross-origin issue in iframe handling resolved by improved tracking of security origins in WebKit-based components. Affected products include Safari/WebKit on iOS before iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, and iCloud for Windows 7.7. Apple security pag...
Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack
A now-patched vulnerability in the web version of Facebook Messenger allowed any website to expose who you have been messaging with. In a previous post, I showed how your Facebook likes, location history, and other metadata could have been extracted from your Facebook account using a side-channel...
CVE-2018-4319
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
KLA11323 Multiple vulnerabilities in Apple iTunes
Multiple serious vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, perform cross-site scripting attack, read local files. Below is a complete list of...
Remote code execution
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution...
CVE-2017-17859
Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...
CVE-2016-5160
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...