CVE-2026-26982

Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 Ctrl+C in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop...

SUSE CVE-2010-0166

The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service memory corruption...

Stegcloak - Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords

StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting with Zero Width Characters. It can be used to safely watermark strings, invisible scripts on webpages, texts on social media or for any other...

Mozilla Seamonkey Multiple Vulnerabilities (Mar 2009) - Windows

Mozilla Seamonkey browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox Multiple Vulnerabilities Mar-09 (Windows)

This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbfirefoxmultvulnmar09win.nasl 4865 2016-12-28 16:16:43Z teissa $ Mozilla Firefox Multiple Vulnerabilities Mar-09 Windows Authors: Sharath S Copyright: Copyright c 2009 Greenbone...

Mozilla Foundation Security Advisory 2009-11

Mozilla Foundation Security Advisory 2009-11 Title: URL spoofing with invisible control characters Impact: Low Announced: March 4, 2009 Reporter: Masahiro Yamada Products: Firefox Fixed in: Firefox 3.0.7 Description Mozilla contributor Masahiro Yamada reported that certain invisible control...

Firefox URL spoofing with invisible control characters

Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks...

Design/Logic Flaw

Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL aka the user field, as demonstrated by %E3%80%80 sequences...