74 matches found

Veracode
added 2020/09/21 6:34 a.m., 21 views

Spoofing Attack

Firefox is vulnerable to spoofing. A logic flaw in the location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element...

CVSS 3.3, AI score 3.1, EPSS 0.00275
Exploits 0, References 3, Affected Software 5

RedhatCVE
added 2020/05/12 10:36 a.m., 19 views

CVE-2020-12394

The Mozilla Foundation Security Advisory describes this flaw as: A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element...

CVSS 2.1, AI score 3.4, EPSS 0.00275
Exploits 0, References 4

UbuntuCve
added 2020/05/07 12:0 a.m., 21 views

CVE-2020-12394

A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox 76...

CVSS 3.3, AI score 6.8, EPSS 0.00275
Exploits 0, References 3

Cvelist
added 2019/11/06 8:12 p.m., 20 views

CVE-2011-2808

A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed...

AI score 6.3, EPSS 0.00972
Exploits 0, References 7

BDU FSTEC
added 2019/10/03 12:0 a.m., 4 views

The vulnerabilities of the Firefox and Firefox ESR browsers, as well as the Thunderbird email client, allow attackers to compromise the confidentiality, integrity, and availability of protected information.

The vulnerabilities of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, are related to the use of memory after it is freed. Exploiting these vulnerabilities allows a remote attacker to compromise the confidentiality, integrity, and availability of protected information ...

CVSS 9.3, AI score 5.6, EPSS 0.0311
Exploits 0, References 17, Affected Software 8

Debian CVE
added 2018/10/18 1:0 p.m., 43 views

CVE-2018-12360

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox...

CVSS 8.8, AI score 10, EPSS 0.0311
Exploits 0

RedHat Linux
added 2018/06/28 4:23 p.m., 3 views

Mozilla: Use-after-free using focus()

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox...

CVSS 8.8, AI score 7.3, EPSS 0.0311
Exploits 0, References 5

RedHat Linux
added 2018/06/28 4:23 p.m., 5 views

Mozilla: Use-after-free using focus()

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox...

CVSS 8.8, AI score 7.3, EPSS 0.0311
Exploits 0, References 5

UbuntuCve
added 2018/06/27 12:0 a.m., 32 views

CVE-2018-12360

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox...

CVSS 8.8, AI score 7.2, EPSS 0.0311
Exploits 0, References 6

OSV
added 2018/06/27 12:0 a.m., 2 views

UBUNTU-CVE-2018-12360

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox...

CVSS 8.8, AI score 7.3, EPSS 0.0311
Exploits 0, References 7

OSV
added 2017/10/19 10:29 p.m., 19 views

CVE-2017-15646

Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload...

CVSS 6.1, AI score 7.6
Exploits 0, References 4

seebug.org
added 2017/04/21 12:0 a.m., 21 views

Chrome Universal XSS using an <input type="color"> element (CVE-2016-5208)

VULNERABILITY DETAILS: When an input element is removed, the popup is closed during the layout tree detach: void HTMLInputElement::detachLayoutTree(const AttachContext& context) { HTMLTextFormControlElement::detachLayoutTree(context); m_needsToUpdateViewValue = true; m_inputTypeView->closePopupView(); } If the...

CVSS 4.3, AI score 8, EPSS 0.01085
Exploits 1

BDU FSTEC
added 2016/07/05 12:0 a.m., 7 views

The vulnerability of Google Chrome browser allows a malicious actor to trigger a service failure.

The Google Chrome browser contains a vulnerability related to memory reuse after deallocation (use-after-free error) in the browser/ui/views/speechrecognitionbubbleviews.cc file. Exploiting this vulnerability allows malicious actors to remotely cause system failures or other adverse effects through...

CVSS 7.5, AI score 7.7, EPSS 0.0161
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2016/07/05 12:0 a.m., 7 views

The vulnerability of Google Chrome browser allows a malicious actor to trigger a service failure.

The Google Chrome browser contains a vulnerability related to memory reuse after deallocation (use-after-free error) in the browser/ui/views/speechrecognitionbubbleviews.cc file. Exploiting this vulnerability allows malicious actors to remotely cause system failures or other adverse effects through...

CVSS 7.5, AI score 7.7, EPSS 0.0161
Exploits 0, References 3, Affected Software 1

NVD
added 2016/04/12 5:59 p.m., 14 views

CVE-2015-7520

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element...

CVSS 6.1, AI score 6, EPSS 0.05188
Exploits 0, References 2

Cvelist
added 2016/04/12 5:0 p.m., 20 views

CVE-2015-7520

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element...

AI score 6, EPSS 0.05188
Exploits 0, References 2

CNVD
added 2015/03/09 12:0 a.m., 3 views

Google Chrome Blink Memory Misreference Vulnerability (CNVD-2015-01547)

Google Chrome is a web browser developed by Google. A use-after-free vulnerability exists in the core/html/HTMLInputElement.cpp file in the DOM implementation of Blink used in versions prior to Google Chrome 41.0.2272.76. A remote attacker can exploit this vulnerability to cause a denia...

CVSS 7.5, AI score 6.7, EPSS 0.01851
Exploits 0, References 1

OSV
added 2015/03/08 12:0 a.m., 0 views

UBUNTU-CVE-2015-1223

Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change...

CVSS 7.5, AI score 7.4, EPSS 0.01851
Exploits 0, References 6

RedHat Linux
added 2015/03/05 1:59 p.m., 3 views

chromium-browser: Use-after-free in dom

Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change...

CVSS 7.5, AI score 7.5, EPSS 0.01851
Exploits 0, References 5

Zero Day Initiative
added 2014/08/12 12:0 a.m., 45 views

Microsoft Internet Explorer CInput onfocus Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

CVSS 6.8, AI score 7.6, EPSS 0.16528
Exploits 0, References 1