SUSE CVE-2013-6626

The WebContentsImpl::AttachInterstitialPage function in content/browser/webcontents/webcontentsimpl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site...

CVE-2014-6392

Cross-site scripting XSS vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE: the vendor disputes th...

Cross site scripting

Cross-site scripting XSS vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE: the vendor disputes th...

Code injection

The WebContentsImpl::AttachInterstitialPage function in content/browser/webcontents/webcontentsimpl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site...

CVE-2013-6626

The WebContentsImpl::AttachInterstitialPage function in content/browser/webcontents/webcontentsimpl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site...

CVE-2013-6626

Removed by vendor...