CVSS: 9.3EPSS: 14%CPEs: 47EXPL: 1CVE-2010-0655 – Mozilla Firefox 3.5.8 - Style Sheet redirection Information Disclosure
https://notcve.org/view.php?id=CVE-2010-0655
18 Feb 2010 — Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site. Vulnerabilidad uso después de la liberación (use-after-free) en Google Chrome anterior a v4.0.249.78 permite a atacantes remotos asistidos por usuarios provocar una denegación de servicio (cuelgue de aplicación) o posibleme... • https://www.exploit-db.com/exploits/33664 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2010-0660
https://notcve.org/view.php?id=CVE-2010-0660
18 Feb 2010 — Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging. Google Chrome anterior a v4.0.249.78 envía una dirección URL https en la cabecera Referer de una petición HTTP en determinadas circunstancias involucrando la redirección https a http, lo cual permite a los servidores HTTP remotos obtener información sens... • http://code.google.com/p/chromium/issues/detail?id=29920 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 47EXPL: 0CVE-2010-0556
https://notcve.org/view.php?id=CVE-2010-0556
18 Feb 2010 — browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element. browser/login/login_prompt.cc en Google Chrome anterior v4.0.249.89 con un diálogo de autenticación con credenciales que fueron almacenadas por Pass... • http://code.google.com/p/chromium/issues/detail?id=32718 • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 8%CPEs: 47EXPL: 2CVE-2010-0315 – Google Chrome 3.0 - Style Sheet redirection Information Disclosure
https://notcve.org/view.php?id=CVE-2010-0315
14 Jan 2010 — WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element. WebKit anterior a versión r53607, tal como es usado en Chrome de Google anterior a versión 4.0.249.89, permite a los atacantes remotos detectar la URL de destino... • https://www.exploit-db.com/exploits/33562 •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2009-2816
https://notcve.org/view.php?id=CVE-2009-2816
13 Nov 2009 — The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. La implementación de Cross-Origin Resource Sharing (CORS) en WebKit, tal como es usado en Safari de Apple anterior a versión 4.0.4 y Chrome d... • http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.3EPSS: 4%CPEs: 43EXPL: 0CVE-2009-3932
https://notcve.org/view.php?id=CVE-2009-3932
12 Nov 2009 — The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state." El plugin Gears en Google Chrome, en versiones anteriores a la 3.0.195.32 permite a usuarios remotos asistidos por el usuario provocar una denegación de servicio (corrupción de memoria y caída del plugin) o posiblemente ejecuta... • http://code.google.com/p/chromium/issues/detail?id=26179 •
CVSS: 6.5EPSS: 4%CPEs: 45EXPL: 0CVE-2009-3933
https://notcve.org/view.php?id=CVE-2009-3933
12 Nov 2009 — WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions. WebKit en versiones anteriores a la r50173, tal como se usa en Google Chrome en versiones anteriores a la 3.0.195.32, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante una página web qu... • http://code.google.com/p/chromium/issues/detail?id=25892 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 57%CPEs: 43EXPL: 0CVE-2009-3931
https://notcve.org/view.php?id=CVE-2009-3931
12 Nov 2009 — Incomplete blacklist vulnerability in browser/download/download_exe.cc in Google Chrome before 3.0.195.32 allows remote attackers to force the download of certain dangerous files via a "Content-Disposition: attachment" designation, as demonstrated by (1) .mht and (2) .mhtml files, which are automatically executed by Internet Explorer 6; (3) .svg files, which are automatically executed by Safari; (4) .xml files; (5) .htt files; (6) .xsl files; (7) .xslt files; and (8) image files that are forbidden by the vi... • http://code.google.com/p/chromium/issues/detail?id=23979 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 43EXPL: 0CVE-2009-3934
https://notcve.org/view.php?id=CVE-2009-3934
12 Nov 2009 — The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail. La función WebFrameLoaderClient::dispatchDidChangeLocationWithinPage en src/webkit/glue/webframeloaderclient_impl.cc en Google Chrome antes de 3.0.195.32 permite a atacantes asistidos p... • http://code.google.com/p/chromium/issues/detail?id=22205 •
CVSS: 7.5EPSS: 0%CPEs: 43EXPL: 0CVE-2009-3456
https://notcve.org/view.php?id=CVE-2009-3456
29 Sep 2009 — Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Google Chrome, posiblemente v3.0.195.21 y ant... • http://www.securityfocus.com/bid/36479 • CWE-310: Cryptographic Issues •