Spoofing Attack
Firefox is vulnerable to spoofing. The vulnerability exists because a logic flaw in the location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element...
CVE-2020-12394
The Mozilla Foundation Security Advisory describes this flaw as: A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element...
CVE-2020-12394
A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox 76...
CVE-2011-2808
A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed...
Vulnerabilities in the Firefox and Firefox ESR browsers, as well as the Thunderbird email client, allow attackers to compromise the confidentiality, integrity, and availability of protected information.
Vulnerabilities in the Firefox and Firefox ESR browsers, as well as the Thunderbird email client, are related to the use of memory after it is freed. Exploiting these vulnerabilities allows a remote attacker to compromise the confidentiality, integrity, and availability of protected information ...
CVE-2018-12360
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox...
Mozilla: Use-after-free using focus()
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox...
Mozilla: Use-after-free using focus()
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox...
CVE-2018-12360
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox...
UBUNTU-CVE-2018-12360
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox...
CVE-2017-15646
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload...
Chrome Universal XSS using an <input type="color"> element (CVE-2016-5208)
VULNERABILITY DETAILS: When an input element is removed, the popup is closed during the layout tree detach: void HTMLInputElement::detachLayoutTree(const AttachContext& context) { HTMLTextFormControlElement::detachLayoutTree(context); m_needsToUpdateViewValue = true; m_inputTypeView->closePopupView(); } If the...
A vulnerability in the Google Chrome browser allows a malicious actor to trigger a service failure.
The Google Chrome browser contains a vulnerability related to memory reuse after deallocation (a use-after-free error) in the browser/ui/views/speechrecognitionbubbleviews.cc file. Exploiting this vulnerability allows malicious actors to remotely cause system failures or other adverse effects through...
A vulnerability in the Google Chrome browser allows a malicious actor to trigger a service failure.
The Google Chrome browser contains a vulnerability related to memory reuse after deallocation (a use-after-free error) in the browser/ui/views/speechrecognitionbubbleviews.cc file. Exploiting this vulnerability allows malicious actors to remotely cause system failures or other adverse effects through...
CVE-2015-7520
Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element...
CVE-2015-7520
Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element...
Google Chrome Blink Memory Misreference Vulnerability (CNVD-2015-01547)
Google Chrome is a web browser developed by Google. A use-after-free vulnerability exists in the core/html/HTMLInputElement.cpp file in the DOM implementation of Blink used in versions prior to Google Chrome 41.0.2272.76. A remote attacker can exploit this vulnerability to cause a denia...
UBUNTU-CVE-2015-1223
Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change...
chromium-browser: Use-after-free in dom
Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change...
Microsoft Internet Explorer CInput onfocus Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...