Uncontrolled recursion DoS in JustHTML() via deeply nested HTML

Summary justhtml through 1.9.1 allows denial of service via deeply nested HTML. During parsing, JustHTML.init always reaches TreeBuilder.finish, which unconditionally calls populateselectedcontent. That function recursively traverses the DOM via findelements / findelement without a depth bound,...

EUVD-2013-1747

Malware in sbrugna...

OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees

Impact When the verifyMultiProof, verifyMultiProofCalldata, processMultiProof, or processMultiProofCalldata functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves. A contract may be vulnerable if it uses multiproofs for...

SUSE CVE-2011-3926

Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

SUSE CVE-2018-17075

The html package aka x/net/html before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit...

Mozilla Firefox Security Advisory (MFSA2013-77) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

UBUNTU-CVE-2016-1960

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free by leveraging mishandling of end tags, as demonstrated by...

openSUSE Security Update : seamonkey (openSUSE-SU-2013:1491-1)

This seamonkey update to version 2.21 fixes several security and non-security issues : - update to SeaMonkey 2.21 bnc840485 - MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 Miscellaneous memory safety hazards - MFSA 2013-77/CVE-2013-1720 bmo888820 Improper state in HTML5 Tree Builder with templates -...

FreeBSD : mozilla -- multiple vulnerabilities (7dfed67b-20aa-11e3-b8d8-0025905a4771)

The Mozilla Project reports : MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-8...

Firefox < 24.0 Multiple Vulnerabilities

The installed version of Firefox is earlier than 24.0 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution. CVE-2013-1718, CVE-2013-1719 - The HTML5 Tree Builder do...

Mozilla Thunderbird 17.x through 23.x Multiple Vulnerabilities

The installed version of Thunderbird is 17.x or later but prior to 24. It is, therefore, potentially affected the following vulnerabilities: - Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution. CVE-2013-1718, CVE-2013-1719 - The HTML5 Tre...

Firefox < 24.0 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 24.0 and is, therefore, potentially affected by multiple vulnerabilities : - Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution. CVE-2013-1718, CVE-2013-1719 - The HTML5 Tree Builder does no...

SeaMonkey < 2.21 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.21 and thus, is potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution. CVE-2013-1718, CVE-2013-1719 - The HTML5 Tree Builder does n...

Heap overflow

The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute...

CVE-2013-1720

The CVE-2013-1720 issue affects Mozilla Firefox (pre-24.0), Thunderbird (pre-24.0), and SeaMonkey (pre-2.21) where the nsHtml5TreeBuilder::resetTheInsertionMode logic fails to correctly maintain the insertion-mode stack for template elements. This misstate allows a remote attacker to trigger use ...

CVE-2013-1720

The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute...

Mozilla Thunderbird < 24.0

Binary data 8011.prm...

Ubuntu: Security Advisory (USN-1951-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Improper state in HTML5 Tree Builder with templates — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found that the HTML5 Tree Builder does not properly store state when interacting with template elements. Because some stack information is incorrectly stored, the template insertion mode stack can be used when it is...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-80...