CVE-2010-1991

Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service excessive application launches via an HTML document with many IFRAM...

CVE-2010-1990

Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service excessive application launches via an HTML document with many IFRA...

Hardcoded credentials

Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service excessive application launches via an HTML document with many IFRAM...

Hardcoded credentials

Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service excessive application launches via an HTML document with many IFRAME elements...

Design/Logic Flaw

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service resource consumption via an HTML document with many IFRAME elements...

CVE-2010-1993

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service resource consumption via an HTML document with many IFRAME elements...

CVE-2010-1992

CVE-2010-1992 concerns Google Chrome 1.0.154.48, where an HTML document containing many IFRAMEs with src set to a mailto: URL can trigger the browser to launch the mail application repeatedly, causing a denial of service. Root cause: IFRAME elements with mailto: in SRC attribute. Impact: local/re...

CVE-2010-1993

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service resource consumption via an HTML document with many IFRAME elements...

CVE-2010-1992

Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service excessive application launches via an HTML document with many IFRAME elements...

CVE-2010-1993

Opera 9.52 is affected by CVE-2010-1993 due to improper handling of an IFRAME element with a mailto: URL in the SRC attribute, enabling denial of service via a page with many IFRAMEs. Public advisories (SUSE openSUSE GLSA 201206-03 and related Nessus plugins) describe upgrades to Opera 10.60 as t...

CVE-2010-1992

Removed by vendor...

Main PHP-Nuke Site Compromised

The main site for the PHP-Nuke content management system software has been compromised and is serving malicious iFrame exploits to visitors. Researchers at Websense found that the phpnuke.org site is currently serving several different exploits. The attack uses the common iFrame-redirection...

Safari JavaScriptCore.dll Stack Exhaustion

Problem Event Name: APPCRASH Application Name: Safari.exe Application Version: 5.31.22.7 Application Timestamp: 4b8f94fa Fault Module Name: JavaScriptCore.dll Fault Module Version: 5.31.22.5 Fault Module Timestamp: 4b8cb88c Exception Code: c00000fd Exception Offset: 000889f7 OS Version:...

Apple Safari 4.0.5 - JavaScriptCore.dll Stack Exhaustion

Apple Safari 4.0.5 - JavaScriptCore.dll Stack Exhaustion window.print; a; function a setIntervalb,0; function b var c = document.createElement"iframe"; c.setAttribute"src",document.location; document.getElementsByTagName"body"0.appendChildc; setIntervala,0;...

JIRA is vulnerable to clickjacking attacks

A clickjacking attack on JIRA would most likely take the form of a third-party site, containing an invisible iframe on top of an unrelated page. The iframe would contain a page in JIRA. The victim would believe he was clicking on the other site but would actually be clicking in JIRA and performin...

JIRA is vulnerable to clickjacking attacks

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-21101. panel A clickjacking attack on JIRA would most likely take the form of a third-party site, containing an invisible iframe on top of a...

Net Solutions' Hack Heightens Role of ISP in App Layer Security

According to research, the malicious iframe used in the latest Network Solutions attack pointed to corpadsinc.com which then downloads Adobe exploits onto victims’ machines. The hacks raise an issue increasingly being faced by Website owners: what’s the responsibility of the ISP or service or clo...

CVE-2009-3385

CVE-2009-3385 affects Mozilla SeaMonkey prior to 1.1.19. The vulnerability lies in the mail/HTML rendering component where scriptable plugin content (e.g., Flash) could be loaded and executed inside an iframe in HTML emails. This could allow a user-assisted attacker to access sensitive data or lo...

Apple Safari 'SRC' Remote Denial Of Service Vulnerability

This host is installed with Apple Safari Web Browser and is prone to to Denial of Service vulnerabilities. OpenVAS Vulnerability Test $Id: gbapplesafaricfnetworksrcdosvuln.nasl 7174 2017-09-18 11:48:08Z asteins $ Apple Safari 'SRC' Remote Denial Of Service Vulnerability Authors: Antu Sanadi...

Code injection

cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service application crash via a long string in the SRC attribute of a 1 IMG or 2 IFRAME element...