EUVD-2025-32031

Malicious code in bioql PyPI...

Mozilla: Privileged JavaScript Execution via Event Handlers

The Mozilla Foundation Security Advisory describes this flaw as: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process...

Mozilla: Sandboxed iframes could have executed script if the parent appended elements

The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...

Mozilla: Sandboxed iframes could have executed script if the parent appended elements

The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...

Mozilla: Sandboxed iframes could have executed script if the parent appended elements

The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...

WebKit FormSubmission::create Use-After-Free

WebKit: use-after-free in FormSubmission::create CVE-2017-2460 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on a nightly version of WebKit. The PoC has also been observed to crash Safari 10.0.2 on Mac. Please note: This bug is subject to a 90 day...

Apple WebKit - FormSubmission::create Use-After-Free Exploit

Exploit for multiple platform in category dos / poc function go object.name = "foo"; input.autofocus = true; output.appendChildinput; form.submit; function eventhandler forvar i=0;i a !-- ================================================================= Preliminary analysis: The bug is in...

Apple WebKit - FormSubmission::create Use-After-Free

Apple WebKit - FormSubmission::create Use-After-Free function go object.name = "foo"; input.autofocus = true; output.appendChildinput; form.submit; function eventhandler forvar i=0;i a !-- ================================================================= Preliminary analysis: The bug is in...

Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Rea

Exploit for windows platform in category dos / poc function eventhandler1 CollectGarbage; function eventhandler5 try /FileReader/ var var00063 = new FileReader; catcherr //line 68 try /Blob/ var var00064 = new Blob; catcherr //line 69 try var00063.readAsDataURLvar00064; catcherr //line 70 iiThS9l...

CVE-2016-5262

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting XSS...