CVE-2010-2442

Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."...

CVE-2010-2441

WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295...

CVE-2010-2442

CVE-2010-2442 concerns Microsoft Internet Explorer (noted as IE 8 or similar) where the browser does not properly restrict focus changes, enabling a remote attacker to read keystrokes through cross-domain IFRAME gadgets. The primary affected component is the browser’s handling of focus and cross-...

CVE-2010-2441

CVE-2010-2441 in WebKit: improper restrictions on focus changes enables reading keystrokes via cross-domain IFRAME gadgets. The issue is addressed by openSUSE/libwebkit updates to WebKit 1.2.7 (examples: openSUSE-SU-2011:0024/0458-1 patches for libwebkit) which list CVE-2010-2441 among fixed bugs...

CVE-2010-2441

Removed by vendor...

CVE-2010-1757

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document...

CVE-2010-1757

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document...

Design/Logic Flaw

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document...

CVE-2010-1407

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document...

CVE-2010-1407

CVE-2010-1407 affects WebKit in Apple iOS prior to version 4, where history.replaceState implemented with IFRAME handling could allow a remote attacker to obtain sensitive information via a crafted HTML document. The NVD entry assigns a CVSS v2 base score of 4.3 (Medium) with network attack vecto...

CVE-2010-1757

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document...

PT-2010-3103 · Apple · Ios

Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 4 Description: The issue concerns the improper implementation of the history.replaceState method in certain situations involving IFRAME elements, allowing remote attackers to obtain sensitive information via a...

PT-2010-3395 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 4 Description: The issue concerns the WebKit component in Apple iOS, which fails to enforce proper boundary restrictions on content displayed by an IFRAME element. This allows remote attackers to spoof the user...

focus() behavior can be used to inject or steal keystrokes — Mozilla

Google security researcher Michal Zalewski reported that focus could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behavior was also present across origins when content from one domain was embedded within...

DEBIAN-CVE-2010-2273

Multiple cross-site scripting XSS vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to...

DoS attacks on email clients via protocol handlers

Hello 3APA3A! I want to warn you about security vulnerabilities in email clients, particularly in Outlook Express and Outlook. This advisory is concerned with my series of advisories about vulnerabilities in browsers, which belong to group of DoS via protocol handlers. ---------------------------...

Opera 'IFRAME' Denial Of Service vulnerability (Windows)

The host is installed with Opera Browser and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gboperaiframedosvulnwin.nasl 5323 2017-02-17 08:49:23Z teissa $ Opera 'IFRAME' Denial Of Service vulnerability Windows Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone...

Mozilla Firefox 'IFRAME' Denial Of Service vulnerability (Windows)

The host is installed with Mozilla Firefox browser and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: gbmozillafirefoxiframedosvulnwin.nasl 5323 2017-02-17 08:49:23Z teissa $ Mozilla Firefox 'IFRAME' Denial Of Service vulnerability Windows Authors: Antu Sanadi...

Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability (June-10)

This host is installed with Internet Explorer and is prone to Denial Of Service vulnerability. OpenVAS Vulnerability Test $Id: gbmsieiframedosvulnjune10.nasl 5323 2017-02-17 08:49:23Z teissa $ Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability June-10 Authors: Antu Sanadi...

Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability -june 10

This host is installed with Internet Explorer and is prone to Denial Of Service vulnerability. OpenVAS Vulnerability Test $Id: gbmsieiframedosvuln.nasl 5323 2017-02-17 08:49:23Z teissa $ Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability - june 10 Authors: Antu Sanadi Copyright:...