Vulnerabilities > Improper Restriction of Rendered UI Layers or Frames
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-17 | CVE-2017-5016 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Chrome Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page. | 6.5 |
2016-06-13 | CVE-2016-2496 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 6.0/6.0.1 The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796. | 9.8 |
2014-02-06 | CVE-2014-1480 | Improper Restriction of Rendered UI Layers OR Frames vulnerability in multiple products The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. | 4.3 |
2013-12-11 | CVE-2013-5614 | Improper Restriction of Rendered UI Layers OR Frames vulnerability in multiple products Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. | 4.3 |
2011-04-13 | CVE-2011-1244 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Microsoft Internet Explorer 6/7/8 Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." | 5.8 |
2008-06-16 | CVE-2008-2716 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Opera Browser Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks. | 5.0 |
2005-08-01 | CVE-2005-2407 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Opera Browser A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking". | 5.1 |