Stable and Beta Channel Updates

The Chrome Stable and Beta channels have been updated to 18.0.1025.151 on Windows, Mac, Linux and Chrome Frame. This release fixes issues including: black screen on Hybrid Graphics system with GPU accelerated compositing enabled Issue: 117371 CSS not applied to element Issue: 114667 Regression...

CVE-2011-3056

Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."...

CVE-2011-3056

Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."...

CVE-2011-3056

Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."...

CVE-2011-3056

Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."...

CVE-2011-3056

CVE-2011-3056 affects Google Chrome prior to 17.0.963.83, where a cross-origin policy bypass is possible via a vector involving a “magic iframe.” The underlying issue is a Same Origin Policy bypass in the browser’s handling of iframes, enabling partial confidentiality/integrity exposure. The publ...

CVE-2011-3056

Removed by vendor...

Safari for windows 64 iframe Blue Screen Of Death (BSoD)

iframe 标签 64位的Win7系统崩溃的标签，它将导致 Win7 发生著名的蓝屏错误 Blue Screen Of Death BSoD. 该漏洞在64位的Win7下的Safari 浏览器测试 该漏洞是由于 win32k.sys 的一个错误导致内存的崩溃，当页面上包含一个 iframe，其 height 属性是个非常大的值时该错误就会发生。 目前该漏洞仅存在于64位的win7系统 0 Safari for windows 64 目前尚无有效方案 iframe height='18082563'/iframe...

Mozilla Foundation Security Advisory 2012-03

Mozilla Foundation Security Advisory 2012-03 Title: iframe element exposed across domains via name attribute Impact: High Announced: January 31, 2012 Reporter: Alex Dvorov Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 10.0 Thunderbird 10.0 SeaMonkey 2.7 Description Alex Dvorov...

FreeBSD : mozilla -- multiple vulnerabilities (0a9e2b72-4cb7-11e1-9146-14dae9ebcf89)

The Mozilla Project reports : MFSA 2012-01 Miscellaneous memory safety hazards rv:10.0/ rv:1.9.2.26 MFSA 2012-02 Overly permissive IPv6 literal syntax MFSA 2012-03 iframe element exposed across domains via name attribute MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal ...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-01 Miscellaneous memory safety hazards rv:10.0/ rv:1.9.2.26 MFSA 2012-02 Overly permissive IPv6 literal syntax MFSA 2012-03 iframe element exposed across domains via name attribute MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal o...

4Images 1.7.6 Cross Site Request Forgery

!/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54 Thnks+----------------------------------+ | xSs m4n i-Hmx h311c0d3 |.sp. abo.B4sil | HcJ Cyb3r...

4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection

!/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54 Thnks+----------------------------------+ | xSs m4n i-Hmx h311c0d3 |.sp. abo.B4sil | HcJ Cyb3r...

GreenBrowser double free

Double free on iframe tag...

GreenBrowser iframe content Double Free Vulnerability

GreenBrowser searchbar iframe content Double Free Vulnerability ------------------------------------------------------------------ I. Summary All versions of GreenBrowser is prone to a vulnerability which leads to arbitrary code execution. A Double Free of iframe object is triggered by its shortc...

Microsoft Windows Kernel 'win32k.sys' Memory Corruption Vulnerability

Microsoft Windows 7 Professional 64-bit is prone to a memory corruption vulnerability. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.902810. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and...

CVE-2011-5046

The Graphics Device Interface GDI in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers...

Android浏览器证书伪造漏洞

Open Handset Alliance Android是一款超过30家科技与移动电话公司所组成的团体开发的免费的移动电话平台 由于浏览器显示错误证书信息，可通过iframe可使用其他合法站点的证书，使用户信任当前网页内容 0 Android 3.x 厂商解决方案 目前没有详细解决方案提供： http://www.android.com/...

Google Crome for Androind certificate information spoofing

It's possible to spoof certificate information by using IFRAME...

Windows 7 64 bit Memory Corruption Vulnerability

Windows 7 64 bit Memory Corruption Vulnerability A person known by the alias of "w3bd3vil " on twitter released an HTML snippet that will cause the 64 bit version of Windows 7 to blue screen if viewed under Safari. The underlying vulnerability is however not a flaw in Safari but rather a flaw in...