28 matches found
CVE-2011-1440
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets CSS token sequences...
Design/Logic Flaw
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets CSS token sequences...
Cross site scripting
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets CSS token sequences, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information by using the \2f\2a an...
CVE-2011-1579
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets CSS token sequences, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information by using the \2f\2a an...
CVE-2011-0474
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets CSS token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a...
CVE-2011-0474
Removed by vendor...
Type confusion
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets CSS token sequences, which allows remote attackers ...
CVE-2010-3962
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets CSS token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption...