CVE-2019-11699

A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox 67...

EUVD-2017-14499

Malware in sbrugna...

EUVD-2015-1419

Malware in sbrugna...

EUVD-2017-14174

Malware in sbrugna...

EUVD-2005-2264

Malware in sbrugna...

[SECURITY] Fedora 41 Update: php-adodb-5.22.10-1.fc41

ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique eg. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...

CVE-2018-12381

Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected...

CVE-2018-12381

Concretely, CVE-2018-12381 affects Mozilla Firefox ESR < 60.2 and Firefox

Mozilla Firefox Security Advisories (MFSA2018-18, MFSA2018-21) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12377: Use-after-free in refresh driver timers CVE-2018-12378: Use-after-free in IndexedDB CVE-2018-12379: Out-of-bounds write with malicious MAR file CVE-2017-16541: Proxy bypass using automount and autofs CVE-2018-12381: Dragging and dropping Outlook email...

CVE-2017-5065

Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page...

CVE-2017-5065

Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page...

CVE-2017-5065

CVE-2017-5065 is a Blink/navigation flaw in Google Chrome on Windows and macOS prior to 58.0.3029.81. A crafted HTML page could mislead a user into making an incorrect security decision. The vulnerability stems from insufficient action on page navigation. Remediation, where noted, is to update to...

SUSE-SU-2017:2302-1 Security update for MozillaFirefox

Mozilla Firefox was updated to the ESR 52.3 release bsc1052829 Following security issues were fixed: MFSA 2017-19/CVE-2017-7807: Domain hijacking through AppCache fallback MFSA 2017-19/CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts MFSA 2017-19/CVE-2017-779...

Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...

WebKit - Stealing Variables via Page Navigation in FrameLoader::clear Exploit

Exploit for multiple platform in category dos / poc pageCacheState != Document::InPageCache ... mframe.document-prepareForDestruction; removeFocusedNodeOfSubtreemframe.document; ... mframe.setDocumentnullptr; domWindow; Click anywhere. function createURLdata, type = 'text/html' return...

WebKit FrameLoader::clear Variable Theft

WebKit: Stealing variables via page navigation in FrameLoader::clear CVE-2017-2515 void FrameLoader::clearDocument newDocument, bool clearWindowProperties, bool clearScriptObjects, bool clearFrameView mframe.editor.clear; if !mneedsClear return; mneedsClear = false; if...

WebKit - FrameLoader::clear Stealing Variables via Page Navigation

WebKit - FrameLoader::clear Stealing Variables via Page Navigation pageCacheState != Document::InPageCache ... mframe.document-prepareForDestruction; removeFocusedNodeOfSubtreemframe.document; ... mframe.setDocumentnullptr; domWindow; Click anywhere. function createURLdata, type = 'text/html'...

WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation

pageCacheState != Document::InPageCache ... mframe.document-prepareForDestruction; removeFocusedNodeOfSubtreemframe.document; ... mframe.setDocumentnullptr; domWindow; Click anywhere. function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; window.onclick = =...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2570-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2570-1 advisory. An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially...