• Computer vulnerability research.

    Thanks to our rewards, Alternativ-Testing has been able to acquire high-quality computer equipment (iPad 2 - iPhone 4 - BlackBerry - PC - MacBook Pro ...), allowing our researchers to deepen their research and focus it on the very latest technologies.

  • Resources.

    Location Bar & SSL Spoofing, Cross Origin Bypass, Remote Code Execution... so many vulnerabilities reported by our researchers in some of the most widely used software in the world.

    Today Alternativ-Testing has established itself in the field of computer security research thanks to the talent and perseverance of its motivated researchers.

  • Collaboration.

    Alternativ-Testing is in direct contact with consultants, researchers and developers at many companies and thus contributes every day to the security of the web.

    Our research has been published on the major vulnerability reporting sites since the group was created.

Advisories, PoCs & Exploits

 

0DAY Mozilla Firefox URL and SSL/TLS Spoofing

Unspecified vulnerability in Mozilla Firefox allows remote attackers to spoof the URL and SSL/TLS in the location bar. Credit to Eddy Bordi and Jordi Chancel.

High 

XXXX-XX-XX

3000$

 


 

0DAY Mozilla Firefox 8.0 SSL/TLS Spoofing and Saved Password Stealing

Unspecified vulnerability in Mozilla Firefox allows remote attackers to spoof SSL/TLS and to steal saved passwords. Credit to Jordi Chancel.

High 

XXXX-XX-XX

3000$

 


 

0DAY Mozilla Firefox 3.6.X ClickJacking of Java Applet

Unspecified vulnerability in Mozilla Firefox allows remote attackers to cover a Java Applet. Credit to Jordi Chancel

Critical 

XXXX-XX-XX

3000$

 


 

Google Chrome URL Bar Spoofing

Unspecified vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to spoof the URL bar via unknown vectors. Credit to Jordi Chancel

High 

2011-10-25

500$

 


 

Google Chrome URL bar spoofing with drag+drop of URLs.

Security researcher Jordi Chancel reported a vulnerability in Google Chrome before 15.0.874.102 that allows user-assisted remote attackers to spoof the URL bar via a vector involving a drag and drop.

Moderate 

2011-10-25

 


 

Google Chrome URL Bar Spoofing

Security researcher Jordi Chancel reported a vulnerability in Google Chrome before 14.0.835.163 that allows user-assisted remote attackers to spoof the URL bar via a vector involving the forward button.

Moderate/High 

2011-09-17

500$

 


 

Mozilla Firefox Memory corruption due to multipart/x-mixed-replace images

Security researcher Jordi Chancel reported that Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.

Critical 

2011-06-21

3000$

 


 

Google Chrome URL Bar Spoofing

Security researcher Jordi Chancel reported a vulnerability in Google Chrome before 11.0.696.57 that allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload.

Moderate/High 

2011-04-01

500$

 


 

Google Chrome URL Bar Spoofing

Security researcher Jordi Chancel reported a vulnerability in Google Chrome before 9.0.597.107 that allows remote attackers to spoof the URL bar via unknown vectors.

High

2011-03-01

1000$

 


 

Mozilla Firefox Overflow caused by corrupted JPEG image

Security researcher Jordi Chancel reported that a JPEG image could be constructed that would be decoded incorrectly, causing data to be written past the end of a buffer created to store the image. An attacker could potentially craft such an image that would cause malicious code to be stored in memory and then later executed on a victim's computer.

Critical 

2011-03-01

3000$

 


 

Opera Integer Truncation Remote Code Execution

When certain large form inputs appear on a web page, they can cause Opera to crash. In some cases, the crash can lead to memory corruption, which could be used to execute code. To inject code, additional techniques will have to be employed. Credit to Jordi Chancel

Critical 

2011-01-27

 


 

Opera HTML sanitization bypass

Sites that accept content from untrusted users are expected to sanitize that content, to remove potentially harmful scripts and scripted attributes. In cases where a link is provided, sites would typically want to remove any links which use scripted protocols. In Opera, if the protocol string contains Tab characters, the character will be ignored, and the link will still be treated as a scripted protocol. This can cause naive sanitization filters not to realize that the link is potentially harmful. Jordi Chancel reported this vulnerability

Low/Moderate 

2010-12-16

 


 

Opera URL Bar Spoofing, Cross Domain Scripting and Remote Code Execution

Scripts on a page are supposed to be restricted so that they can only interact with other pages from the same domain and security context. Carefully timed reloads and redirects, when combined with appropriate caching, can cause scripts to execute in the wrong security context in Opera. This allows cross site scripting (XSS). In some cases, the address bar will also show the address of the target page. With minimal user interaction, this particular XSS vector may also be used to modify Opera's configuration, and this may in turn be used to execute arbitrary code on the computer. Credit to Jordi Chancel

Critical 

2010-09-13

 


 

Mozilla Firefox SSL Spoofing

Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar.

Moderate 

2010-07-20

500$

 


 

Google Chrome Cross Origin Bypass

Security researcher Jordi Chancel reported that the Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via character tabulation or other escape characters inside a javascript: protocol string.

High

2010-04-27

1000$

 


 

Mozilla Firefox URL Bar spoofing PoC

Security researcher Jordi Chancel reported an issue similar to one fixed in mfsa2009-44 in which a web page can set document.location to a URL that can't be displayed properly and then inject content into the resulting blank page. An attacker could use this vulnerability to place a legitimate-looking but invalid URL in the location bar and inject HTML and JavaScript into the body of the page, resulting in a spoofing attack.

Moderate 

2009-12-15

500$

 




Critical

  • Vulnerability that can be used to take control of a vulnerable machine remotely. (Requiring little or no user interaction)

High

  • Spoofing of a targeted SSL/TLS certificate. (Common user interaction)
  • Access to the user's files. (Requiring little or no user interaction)
  • Code injection on a remote domain. (Requiring little or no user interaction)
  • Theft of saved login credentials. (Requiring little or no user interaction)
  • Vulnerability that can be used to take control of a vulnerable machine remotely. (Difficult to exploit or requiring heavy user interaction)

Moderate

  • Spoofing of the URL in the location bar. (Common user interaction)
  • Potential Cross-Site Scripting.
  • Vulnerability that may have a "High" impact. (Requiring uncommon user interaction)
  • Vulnerability that can be used to take control of a vulnerable machine remotely. (Requiring an uncommon software configuration)

Low

  • Minor spoofing.
  • Bypass of a minor security mechanism.
  • Access to history information or other non-confidential information.
  • Spoofing. (Requiring heavy or uncommon user interaction)
  • Vulnerability that may have a "Moderate" impact. (Difficult to exploit or requiring heavy user interaction)

 


Statistics

Fixed vulnerabilities:

CRITICAL

 30%

HIGH

 21%

MODERATE

 35%

LOW

 14%


0day awaiting a fix:

CRITICAL

 20%

HIGH

 40%

MODERATE

 20%

LOW

 20%

VERY LOW

 0%