justhtml has sanitization bypass in custom policies and programmatic DOM

Summary justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected advanced or custom configurations rather than the default safe path. Affected versions - justhtml , MathML , SVG / , and MathML text integration poin...

The vulnerability of the Sanitize::Config::RELAXED component in the Sanitize library for the Ruby programming language allows a hacker to perform cross-site scripting attacks.

The vulnerability of the Sanitize::Config::RELAXED component in the Sanitize library for the Ruby programming language is related to the lack of measures taken to protect the structure of web pages when processing style elements. Exploiting this vulnerability allows a remote attacker to perform...

SUSE CVE-2011-1290

Integer overflow in WebKit, as used on the Research In Motion RIM BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets,...

Mozilla: Memory corruption as a result of incorrect style treatment

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

Mozilla: Memory corruption as a result of incorrect style treatment

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

Mozilla: Memory corruption as a result of incorrect style treatment

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

Mozilla: Memory corruption as a result of incorrect style treatment

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

Mozilla: Memory corruption as a result of incorrect style treatment

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

Mozilla Firefox 缓冲区错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a buffer error vulnerability that stems from incorrect style handling...

CVE-2011-2854

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."...

Design/Logic Flaw

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."...

CVE-2011-2854

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."...

CVE-2011-2854

Removed by vendor...

Google Chrome < 10.0.648.133 Code Execution

The version of Google Chrome installed on the remote host is earlier than 10.0.648.133. Such versions are reportedly affected by a memory corruption vulnerability in style handling. By tricking a user into opening a specially crafted web page, a remote unauthenticated attacker could execute...