296,223
Total vulnerabilities in the database
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
| Software | From | Fixed in |
|---|---|---|
| microsoft / internet_explorer | 7.0.5730 | 7.0.5730.x |
| microsoft / internet_explorer | 8.0b | 8.0b.x |
| microsoft / internet_explorer | 8 | 8.x |
| microsoft / internet_explorer | 5 | 5.x |
| microsoft / internet_explorer | 6-sp1 | 6-sp1.x |
| microsoft / internet_explorer | 6-sp2 | 6-sp2.x |
| microsoft / pocket_ie | 3.0 | 3.0.x |
| microsoft / internet_explorer | 5.01-sp4 | 5.01-sp4.x |
| microsoft / internet_explorer | 7 | 7.x |
| microsoft / internet_explorer | 8-beta1 | 8-beta1.x |
| microsoft / internet_explorer | 6 | 6.x |
| microsoft / internet_explorer | - | 8.x |
| microsoft / pocket_ie | 2.0 | 2.0.x |
| microsoft / pocket_ie | 4.0 | 4.0.x |
| microsoft / pocket_ie | 2002 | 2002.x |
| microsoft / pocket_ie | 2003 | 2003.x |
| microsoft / pocket_ie | 1.1 | 1.1.x |
| microsoft / pocket_ie | 1.0 | 1.0.x |