CVE-2010-3886

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory...

Google Chrome Multiple Vulnerabilities - Nov09

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultvulnnov09.nasl 5055 2017-01-20 14:08:39Z teissa $ Google Chrome Multiple Vulnerabilities - Nov09 Authors: Sharath S Copyright: Copyright c 2009 SecPod,...

Google Chrome setInterval方式调用拒绝服务漏洞

CVE ID: CVE-2009-3933 Google Chrome是Google发布的开源WEB浏览器。 Chrome所使用的WebKit没有正确地处理JavaScript setInterval方式的调用，特制网页可以触发WTF::currentTime与base::Time函数之间的不兼容，耗尽100%的CPU资源。 Google Chrome 3.0.195.32 厂商补丁： Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.google.com script setIntervalfunction , 0;...

Design/Logic Flaw

WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service CPU consumption via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions...

CVE-2009-3933

WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service CPU consumption via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions...

CVE-2009-3933

CVE-2009-3933 affects WebKit as used in Google Chrome up to version prior to 3.0.195.32. The issue is a denial of service caused by a CPU-consuming hot path when a web page calls JavaScript setInterval, triggered by an incompatibility between WTF::currentTime and base::Time functions. The vulnera...

CVE-2009-3933

Removed by vendor...

CVE-2009-3933

WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service CPU consumption via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions...

KDE Konqueror SetInterval函数地址栏URI伪造漏洞

Konqueror是一款多功能的浏览器，允许浏览本地和网络文件系统和全功能的WWW浏览器。 Konqueror不正确过滤用户输入，远程攻击者可以利用漏洞进行URI伪造攻击，获得目标用户敏感信息。 使用较小的间隔值如0使用调用setInterval来更改window.location属性，攻击者可以构建恶意WEB页在地址栏中显示可信URL而内容为任意内容，导致诱使用户信任内容而泄露敏感信息。 KDE Konqueror 3.5.7 KDE Konqueror 3.5.5 目前没有解决方案提供： http://www.konqueror.org/ 可参考如下测试页面：...

CVE-2007-4224

KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property...

Code injection

KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property...

Race condition

Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions o...

CVE-2006-0753

Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service memory consumption via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status...

Memory corruption

Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service memory consumption via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status...

CVE-2006-0753

Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service memory consumption via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status...