This repository has been archived by the owner on Feb 2, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 113
SecurityAdvisories
Kevin Reid edited this page Jan 28, 2016
·
8 revisions
- 28 Jan 2016 SecurityAdvisory20160128 Complete breach, with guest HTML only.
- 13 Mar 2015 SecurityAdvisory20150313 Code execution, capability leak, endangered integrity.
- 22 Sep 2014 SecurityAdvisory20140922 Rosetta Flash.
- 21 Nov 2013 SecurityAdvisory20131121 Possible code execution.
- 13 Aug 2013 SecurityAdvisory201308013 Possible code execution and communication channel.
- 2 May 2013 SecurityAdvisory20130502 Communication channel and possible other vulnerabilities (ES5/3 mode only).
- 23 Apr 2013 SecurityAdvisory20130423 Possible code execution (ES5/3 mode only), communication channel.
- 10 Apr 2013 SecurityAdvisory20130410 Code execution vulnerability (ES5 mode only).
- 13 Feb 2013 SecurityAdvisory20130213 Code execution vulnerabilities.
- 22 Jan 2013 SecurityAdvisory20130122 Code execution vulnerabilities.
- 8 Nov 2012 SecurityAdvisory20121108 Foreign nodes are not protected; host methods may be misapplied; tighter user-interaction-only restrictions.
- 19 Sep 2012 SecurityAdvisory20120919 Arbitrary code execution via setTimeout.
- 02 May 2012 SecurityAdvisory20120502 JavaScript URLs in style attributes not sanitized.
- 16 Jan 2012 SecurityAdvisory20120116 Guest HTML can overflow container-supplied boundary.
- 02 Aug 2011 SecurityAdvisory20110802 innerText of script tags editable.
- 19 Oct 2009 SecurityAdvisory19Oct2009 iframes allowed in HTML whitelists.
- 07 Jul 2009 SecurityAdvisory20090707 Really fix the previous issue.
- 23 Jun 2009 SecurityAdvisory20090623 Arbitrary code execution via DOM wrappers.
- 23 Mar 2009 SecurityAdvisory20090323 Some code was not cajoled at all.
- 20 Feb 2009 SecurityAdvisory20090220 Flaw in JSON parsing.