75 matches found
CVE-2015-1291
Removed by vendor...
CVE-2015-1291
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service DOM tree corruption via a web...
Microsoft Internet Explorer CIFrameElement Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Microsoft Internet Explorer CIFrameElement Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Cross site scripting
Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...
CVE-2015-0599
The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System UCS on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web...
Information disclosure
The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive informati...
Apple Safari 3 for Windows Protocol Handler Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be call...
CVE-2013-1698
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME...
Code injection
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME...
CVE-2013-1698
CVE-2013-1698 is MFSA 2013-60 describing a getUserMedia permission dialog issue in Mozilla Firefox prior to 22.0, where the dialog displays the top-level page URL instead of the specific page URL, enabling a crafted site to trick users into granting camera/microphone access. Affected product: Moz...
Cross site scripting
Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...
CVE-2013-1012
Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...
CVE-2013-1012
Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...
CVE-2011-3067
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements...
CVE-2011-3067
Removed by vendor...
CVE-2011-2617
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements...
Design/Logic Flaw
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements...
CVE-2011-2617
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements...
CVE-2010-1407
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document...