May crash the browser, force it to display misleading information or simply execute or install exploit code.
secunia.com has a very nice vulnerability list for most common browsers (IE, firefox, ...)
- response-splitting
- Secunia Research: Mozilla Firefox XPCOM Event Handling Memory Corruption.eml
- Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06.eml
- [Full-disclosure] AttackAPI 0.5 (JavaScript tools).eml
- Firefox Remote Code Execution and DoS 1.5.0.2.eml
- crashing firefox <= 1.5.0.4.eml
- ShockwaveFlash 9 (Stack overflow).eml
- CrossSiteCooking
- (exploit) firefox 1.5.0.6 linux DoS.eml
- Firefox-CertificateSpoofing.txt
- re: linksys WRT54g authentication bypass.eml
- Java-Plugin-1.4.2-vuln
- Mozilla-Firefox-ssl-spoof.txt
- Sending multipart_form-data requests from Flash (with arbitrary headers).eml
- Image file crashes Finder, Safari and other apps.eml
- crash-Opera.txt
- http-response-smuggling
- Opera 9 Remote Denial of Service.eml
- Fire fox dos exploit.eml
- re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory.eml
- Firefox-Opera-IE-DoS.ml
- Multiple browsers Windows mailto protocol Office 2003 file attachment exploit.eml
- Technical note: under some conditions, it's possible to steal HTTP credentials using Flash.eml
- Java-version-downgrading-PoC
- Nokia Browser Crash.eml
- Concurrency-related vulnerabilities in browsers - expect problems.eml
- (somewhat) breaking the same-origin policy by undermining dns-pinning.eml
- OPERA Web Browser 9 Denial OF Service.eml
- CrossSiteTracing
- Opera-Konqueror-Firefox-Safari-Telnet
- firefox-1.0.3-spoof+auto-dl
- opera-7.53-location.txt
- Self-contained XSS Attacks (the new generation of XSS).eml
- Ie opera dos exploit.eml
copyleft