13 matches found
EUVD-2002-1138
Malware in sbrugna...
Brave Desktop 1.79.123 Security Fixes
Fixed missing DDNS navigation throttle for subframes as reported on HackerOne by newfunction. Upgraded Chromium to 137.0.7151.104 — refer to Google Chrome advisories for inherited CVEs...
SUSE CVE-2009-1681
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a craft...
Authorization Issue Vulnerability in Multiple Qualcomm Products
Qualcomm QCA6574AU and others are products of Qualcomm Incorporated (Qualcomm). QCA6574AU is a central processing unit (CPU) product. APQ8053 is a central processing unit (CPU) product. SDX55 is a modem. An authorization issue vulnerability exists in the WIGIGI Host of multiple Qualcomm products that stems from...
Apple Safari Subframe Same-Origin Policy Bypass Vulnerability
This vulnerability allows remote attackers to bypass the same-origin policy on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file and execute a user gesture within the rendere...
WebKit: UXSS via ContainerNode::parserRemoveChild
Here's a snippet of ContainerNode::parserRemoveChild. void ContainerNode::parserRemoveChildNode& oldChild disconnectSubframesIfNeededthis, DescendantsOnly; let xml = let p = document.querySelector'p'; let link = p.appendChilddocument.createElement'link'; link.rel = 'stylesheet'; link.href =...
WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting
let xml = let p = document.querySelector'p'; let link = p.appendChilddocument.createElement'link'; link.rel = 'stylesheet'; link.href = 'data:,aaaaazxczxczzxzcz'; let btn = document.body.appendChilddocument.createElement'button'; btn.id = 'btn'; btn.onfocus = = btn.onfocus = null; window.d =...
Chrome Universal XSS via persistence of subframes (CVE-2015-6768)
VULNERABILITY DETAILS From /thirdparty/WebKit/Source/core/dom/Document.cpp: bool FrameLoader::prepareForCommit PluginScriptForbiddenScope forbidPluginDestructorScripting; RefPtrWillBeRawPtr pdl = mprovisionalDocumentLoader; ... if mdocumentLoader client-dispatchWillClose; dispatchUnloadEvent;...
Apple WebKit disconnectSubframes UXSS
Apple WebKit: UXSS via disconnectSubframes (CVE-2017-2445). When an element is removed from a document, the function |disconnectSubframes| is called to detach its subframes (iframe tag, object tag, etc.). Here is a snippet of |disconnectSubframes|. void disconnectSubframes(ContainerNode& root,...
Apple WebKit 10.0.2(12602.3.12.0.1) - disconnectSubframes Universal Cross-Site Scripting Exploit
Exploit for multiple platform in category web applications frameOwners; if policy == RootAndDescendants if isroot frameOwners.appenddowncastroot; collectFrameOwnersframeOwners, root; // Must disable frame loading in the subtree so an unload handler cannot // insert more frames and create loaded...
Apple WebKit 10.0.2 (12602.3.12.0.1) - disconnectSubframes Universal Cross-Site Scripting
Apple WebKit 10.0.2 12602.3.12.0.1 - disconnectSubframes Universal Cross-Site Scripting frameOwners; if policy == RootAndDescendants if isroot frameOwners.appenddowncastroot; collectFrameOwnersframeOwners, root; // Must disable frame loading in the subtree so an unload handler cannot // insert mo...
Apple WebKit: UXSS via disconnectSubframes (CVE-2017-2445)
When an element is removed from a document, the function |disconnectSubframes| is called to detach its subframes (iframe tag, object tag, etc.). Here is a snippet of |disconnectSubframes|. void disconnectSubframes(ContainerNode& root, SubframeDisconnectPolicy policy) ... Vector frameOwners; if policy ...
CVE-2012-2785
Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) "some subframes only encode some channels" or (2) a large order value...