12 matches found
EUVD-2017-16776
Malware in sbrugna...
EUVD-2010-1211
Malware in sbrugna...
CVE-2017-7801
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox...
CVE-2016-9895
Event handlers on "marquee" elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...
DEBIAN-CVE-2016-9895
Event handlers on "marquee" elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...
CVE-2017-7801
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox...
CVE-2016-9895
Event handlers on "marquee" elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...
Mozilla Firefox and Firefox ESR Cross-Site Scripting Vulnerability
Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. Mozilla Firefox and Firefox fail to properly handle the JavaScript event-handler attribute in the MARQUEE element, allowing remote attackers to exploit the vulnerability to build malicious web...
Cross site scripting
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting XSS...
CVE-2016-5262
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting XSS...
Mozilla: Scripts on marquee tag can execute in sandboxed iframes (MFSA 2016-76)
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting XSS...
CVE-2010-1181
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long string in a MARQUEE element...