SecurityAdvisories

• 6 Jun 2019 SecurityAdvisory20190606 Complete breach, with guest HTML only.
• 2 Apr 2018 SecurityAdvisory20180402 Complete breach, only if Flash enabled.
• 14 Nov 2017 SecurityAdvisory20171114 Complete breach.
• 1 June 2016 SecurityAdvisory20160601 Issues with google.load taming, variable severity.
• 21 April 2016 SecurityAdvisory20160421 Complete breach.
• 28 Jan 2016 SecurityAdvisory20160128 Complete breach, with guest HTML only.
• 13 Mar 2015 SecurityAdvisory20150313 Code execution, capability leak, endangered integrity.
• 22 Sep 2014 SecurityAdvisory20140922 Rosetta Flash.
• 21 Nov 2013 SecurityAdvisory20131121 Possible code execution.
• 13 Aug 2013 SecurityAdvisory201308013 Possible code execution and communication channel.
• 2 May 2013 SecurityAdvisory20130502 Communication channel and possible other vulnerabilities (ES5/3 mode only).
• 23 Apr 2013 SecurityAdvisory20130423 Possible code execution (ES5/3 mode only), communication channel.
• 10 Apr 2013 SecurityAdvisory20130410 Code execution vulnerability (ES5 mode only).
• 13 Feb 2013 SecurityAdvisory20130213 Code execution vulnerabilities.
• 22 Jan 2013 SecurityAdvisory20130122 Code execution vulnerabilities.
• 8 Nov 2012 SecurityAdvisory20121108 Foreign nodes are not protected; host methods may be misapplied; tighter user-interaction-only restrictions.
• 19 Sep 2012 SecurityAdvisory20120919 Arbitrary code execution via setTimeout.
• 02 May 2012 SecurityAdvisory20120502 JavaScript URLs in style attributes not sanitized.
• 16 Jan 2012 SecurityAdvisory20120116 Guest HTML can overflow container-supplied boundary.
• 02 Aug 2011 SecurityAdvisory20110802 innerText of script tags editable.
• 19 Oct 2009 SecurityAdvisory19Oct2009 iframes allowed in HTML whitelists.
• 07 Jul 2009 SecurityAdvisory20090707 Really fix the previous issue.
• 23 Jun 2009 SecurityAdvisory20090623 Arbitrary code execution via DOM wrappers.
• 23 Mar 2009 SecurityAdvisory20090323 Some code was not cajoled at all.
• 20 Feb 2009 SecurityAdvisory20090220 Flaw in JSON parsing.