Информационная безопасность
[RU] switch to English


Межсайтовый скриптинг в браузере Flock
Опубликовано:17 сентября 2010 г.
Источник:
SecurityVulns ID:11154
Тип:клиент
Уровень опасности:
5/10
Описание:Многочисленные условия межсайтового скриптинга.
CVE:CVE-2010-3262 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3.0.0.4114 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.)
 CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark.)
 CVE-2010-1236 (The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.)
 CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.)
Оригинальный текстdocumentFLOCK, [FLOCK-SA-2010-04] Flock Browser: window.open() Method Javascript Same-Origin Policy Violation (XSS) (17.09.2010)
 documentFLOCK, [FLOCK-SA-2010-03] Flock Browser: javascript: url with a leading NULL byte can bypass cross origin protection (XSS) (17.09.2010)
 documentFLOCK, [FLOCK-SA-2010-02] Flock Browser: A malicious RSS feed can bypass cross origin protection (XSS) (17.09.2010)
 documentFLOCK, [FLOCK-SA-2010-01] Flock Browser: A malformed favourite can bypass cross origin protection (XSS) (17.09.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород