CVE-2002-2100

Technical details about CVE-2002-2100 are not publicly available in the provided connected documents. The description confirms Outlook 2002 as affected via IFRAME content, but no root cause, affected versions, or fixes are disclosed. Monitor for updates.

Mozilla Suite: Multiple vulnerabilities

Background The Mozilla Suite is an all-in-one Internet application suite including a web browser, an advanced e-mail and newsgroup client, IRC client and HTML editor. Description The following vulnerabilities were found and fixed in the Mozilla Suite: "mozbugra4" and "shutdown" discovered that th...

FreeBSD : mozilla -- code execution via javascript: IconURL vulnerability (eca6195a-c233-11d9-804c-02061b08fc24)

A Mozilla Foundation Security Advisory reports : Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. - The problem is that 'IFRAME' JavaScript URLs are not properly protected from...

Mozilla Suite, Mozilla Firefox: Remote compromise

Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Description The Mozilla Suite and Firefox do not properly protect "IFRAME" JavaScript URLs from being executed in context...

CVE-2004-2015

Cross-site scripting XSS vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via 1 iframe, 2 img, or 3 object tags...

CVE-2004-2015

CVE-2004-2015 is an XSS vulnerability in WebCT Campus Edition. The issue allows remote attackers to inject arbitrary HTML or web script through iframe, img, or object tags. The available documents confirm the affected product and the vulnerable vectors but do not specify root cause details beyond...

CVE-2005-1476

Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477...

CVE-2005-1476

Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477...

CVE-2005-1476

Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477...

mozilla -- code execution via javascript: IconURL vulnerability

A Mozilla Foundation Security Advisory reports: Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. The problem is that "IFRAME" JavaScript URLs are not properly protected from bein...

CVE-2005-1189

Cross-site scripting XSS vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites...

CVE-2005-1189

Cross-site scripting XSS vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites...

[Full-disclosure] Invision Iframe Bug

Hi, I've found a bug in Invision Board, it let's you send private messages around, change people their signature, avatar, etc. If the administrator doesn't filter all the html tags on a forum or just forgets, which is often the case you can add an invisible iframe to your post. Now if you just...

Invision Power Board HTTP POST Request IFRAME Tag XSS

The version of Invision Power Board installed on the remote host does not properly sanitize HTML tags, which enables a remote attacker to inject a malicious IFRAME when posting a message to one of the hosted forums. This could cause arbitrary HTML and script code to be executed in the context of...

Invision Power Board 1.x2.0 - HTML Injection

Invision Power Board 1.x2.0 - HTML Injection source: https://www.securityfocus.com/bid/12888/info Invision Power Board is reported prone to an HTML injection vulnerability. This issue arises due to insufficient sanitization of user-supplied data. It is reported that due to a lack of filtering of...

Invision Power Board 1.x/2.0 - HTML Injection

source: https://www.securityfocus.com/bid/12888/info Invision Power Board is reported prone to an HTML injection vulnerability. This issue arises due to insufficient sanitization of user-supplied data. It is reported that due to a lack of filtering of HTML tags, an attacker can inject an IFRAME...

CVE-2004-2476

Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service infinite loop and crash via an IFRAME with "?" as the file source...

CVE-2004-1050

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long 1 SRC or 2 NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."...

CVE-2004-2015

Cross-site scripting XSS vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via 1 iframe, 2 img, or 3 object tags...

[Full-Disclosure] Disclosure of local file content in Mozilla Firefox and Opera

Disclosure of local file content in Mozilla Firefox and Opera Note: I don't know if it could be considered really a security problem, anyway i'll try to explain my ideas. Sorry for my bad english. Author: Giovanni Delvecchio Applications affected: - Firefox 1.0 - Mozilla 1.7 - Opera 7.54 maybe al...