{"id":13539210,"url":"https://github.com/metnew/uxss-db","last_synced_at":"2025-04-02T06:30:36.001Z","repository":{"id":41203319,"uuid":"108575421","full_name":"Metnew/uxss-db","owner":"Metnew","description":"🔪Browser logic vulnerabilities :skull_and_crossbones:","archived":false,"fork":false,"pushed_at":"2021-01-23T16:44:56.000Z","size":570,"stargazers_count":686,"open_issues_count":0,"forks_count":90,"subscribers_count":35,"default_branch":"master","last_synced_at":"2024-11-03T04:32:20.661Z","etag":null,"topics":["browser","cve","javascript","security","vulnerability","xss"],"latest_commit_sha":null,"homepage":"https://uxss-db.now.sh/","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Metnew.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-10-27T17:32:09.000Z","updated_at":"2024-10-10T13:42:54.000Z","dependencies_parsed_at":"2022-09-13T10:00:41.225Z","dependency_job_id":null,"html_url":"https://github.com/Metnew/uxss-db","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Metnew%2Fuxss-db","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Metnew%2Fuxss-db/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Metnew%2Fuxss-db/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Metnew%2Fuxss-db/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Metnew","download_url":"https://codeload.github.com/Metnew/uxss-db/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://gi
thub.com","kind":"github","repositories_count":246767536,"owners_count":20830507,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["browser","cve","javascript","security","vulnerability","xss"],"created_at":"2024-08-01T09:01:21.789Z","updated_at":"2025-04-02T06:30:35.416Z","avatar_url":"https://github.com/Metnew.png","language":"HTML","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing"],"sub_categories":["\u003ca id=\"5d7191f01544a12bdaf1315c3e986dff\"\u003e\u003c/a\u003eXSS\u0026\u0026XXE"],"readme":"# uxss-db 🔪\n\n\u003e Star the repo, if it was useful for you ⭐️.\n\n\u003e Any help is highly appreciated, 🙏 check [TODO](#todo)!\n\n- [uxss-db 🔪](#uxss-db-%F0%9F%94%AA)\n  - [Intro](#intro)\n  - [Webkit](#webkit)\n  - [Chromium](#chromium)\n  - [IE/Edge](#ieedge)\n  - [Articles](#articles)\n  - [Whitepapers](#whitepapers)\n  - [Browser hacking guides and design docs](#browser-hacking-guides-and-design-docs)\n    - [Firefox](#firefox)\n    - [Tor](#tor)\n    - [Brave](#brave)\n    - [Chromium](#chromium)\n    - [Webkit](#webkit)\n    - [Electron](#electron)\n  - [Specs](#specs)\n  - [Bounties](#bounties)\n  - [Misc](#misc)\n  - [Scripts](#scripts)\n  - [Author](#author)\n  - [LICENSE](#license)\n  - [TODO](#todo)\n\n**Inspired by [`js-vuln-db`](https://github.com/tunz/js-vuln-db)**\n\nFor **memory** bugs, exploits and other: check [`awesome-browser-exploit`](https://github.com/Escapingbug/awesome-browser-exploit)\n\n\u003e You can extract 
`js-vuln-db` CVEs to `.html/.js` files using [Scripts](#scripts)\n\n## Intro\n\n* [What is UXSS?](https://www.acunetix.com/blog/articles/universal-cross-site-scripting-uxss/)\n* [What is SOP?](https://en.wikipedia.org/wiki/Same-origin_policy)\n* [What is CORS?](https://developer.mozilla.org/ru/docs/Web/HTTP/CORS)\n\nSome CVE ids were not found:\n\n* **0-$$$$** - the issue with id _$$$$_ in [Google Project Zero tracker](https://bugs.chromium.org/p/project-zero/issues/list)\n* **cr-$$$$** - the issue with id _$$$$_ in [Chromium tracker](https://bugs.chromium.org/p/chromium/issues/list)\n* **some-bug** - the vulnerability doesn't have a CVE or the CVE is unknown\n\n_The version field shows \"?\" if a version wasn't attached to the report_\n\n**NOTE: Many CVEs aren't listed in the tables below!** \n\n*Check the `/other` folder for unsorted/unknown/duplicated CVEs and vulnerabilities for less popular browsers*\n\n## Webkit\n\n| CVE/id                                                  | title                                                                               | version | date         |\n| ------------------------------------------------------- | ----------------------------------------------------------------------------------- | ------- | ------------ |\n| [CVE-2017-7089](https://github.com/Bo0oM/CVE-2017-7089) | UXSS via `parent-tab://`                                                            | 10?     | Sep 20, 2017 |\n| [CVE-2017-7037](./webkit/CVE-2017-7037)                 | UXSS via `JSObject::putInlineSlow` and `JSValue::putToPrimitive`                    | 10?     | Mar 10 2017  |\n| [0-1197](./webkit/0-1197)                               | WebKit: UXSS via `CachedFrameBase::restore`                                         | 10?     | Mar 17 2017  |\n| [CVE-2017-2528](./webkit/CVE-2017-2528)                 | UXSS: `CachedFrame` doesn't detach openers                                          | 10?     
| Mar 10 2017  |\n| [0-1163](./webkit/0-1163)                               | UXSS via `Document::prepareForDestruction` and CachedFrame                          | 10?     | Mar 3 2017   |\n| [CVE-2017-2510](./webkit/CVE-2017-2510)                 | UXSS: `enqueuePageshowEvent` and `enqueuePopstateEvent` don't enqueue, but dispatch | 10?     | Feb 27 2017  |\n| [CVE-2017-2508](./webkit/CVE-2017-2508)                 | UXSS via `ContainerNode::parserInsertBefore`                                        | 10?     | Feb 24 2017  |\n| [0-1134](./webkit/0-1134)                               | UXSS via `ContainerNode::parserRemoveChild` (2)                                     | 10?     | Feb 17 2017  |\n| [0-1132](./webkit/0-1132)                               | UXSS: the patch of #1110 made another bug                                           | 10      | Feb 16 2017  |\n| [CVE-2017-2504](./webkit/CVE-2017-2504)                 | UXSS via `Editor::Command::execute`                                                 | 10.0.3  | Feb 16 2017  |\n| [CVE-2017-2493](./webkit/CVE-2017-2493)                 | UXSS through `HTMLObjectElement::updateWidget`                                      | 10.0.3  | Feb 9 2017   |\n| [CVE-2017-2480](./webkit/CVE-2017-2480)                 | UXSS via a synchronous page load                                                    | 10.0.3  | Feb 9 2017   |\n| [CVE-2017-2479](./webkit/CVE-2017-2479)                 | UXSS via a focus event and a link element                                           | 10.0.3  | Feb 9 2017   |\n| [CVE-2017-2475](./webkit/CVE-2017-2475)                 | UXSS via `ContainerNode::parserRemoveChild`                                         | 10.0.3  | Feb 2 2017   |\n| [CVE-2017-2468](./webkit/CVE-2017-2468)                 | Use-After-Free via `Document::adoptNode`                                            | 10.0.3  | Jan 23 2017  |\n| [0-1094](./webkit/0-1094)                               | UXSS via 
`operationSpreadGeneric`                                                   | 10.0.2  | Jan 20 2017  |\n| [0-1084](./webkit/0-1084)                               | UXSS via `PrototypeMap::createEmptyStructure`                                       | 10.0.2  | Jan 17 2017  |\n| [CVE-2017-2445](./webkit/CVE-2017-2445)                 | UXSS via `disconnectSubframes`                                                      | 10.0.2  | Jan 9 2017   |\n| [CVE-2017-2442](./webkit/CVE-2017-2442)                 | UXSS with `JSCallbackData`                                                          | 10.0.2  | Jan 3 2017   |\n| [CVE-2017-2367](./webkit/CVE-2017-2367)                 | UXSS by accessing a named property from an unloaded window                          | 10.0.2  | Dec 23 2016  |\n| [CVE-2017-2365](./webkit/CVE-2017-2365)                 | UXSS via `Frame::setDocument`                                                       | 10.0.2  | Dec 20 2016  |\n| [CVE-2017-2364](./webkit/CVE-2017-2364)                 | UXSS via `Frame::setDocument` (1).                                                  
| 10.0.2  | Dec 20 2016  |\n| [CVE-2017-2363](./webkit/CVE-2017-2363)                 | UXSS via `FrameLoader::clear`                                                       | 10.0.2  | Dec 19 2016  |\n\n## Chromium\n\n| CVE/id                                                  | title                                                                          | version     | date        |\n| ------------------------------------------------------- | ------------------------------------------------------------------------------ | ----------- | ----------- |\n| [CVE-2018-6128](./chrome/CVE-2018-6128)                 | UXSS via URL parsing bug                                                          | 66          | May 9 2018  |\n| [CVE-2017-5124](https://github.com/Bo0oM/CVE-2017-5124) | UXSS with MHTML                                                                | 61          | Oct 20 2017 |\n| [cr-687844](./chrome/cr-687844)                         | `window.external` leaks global object + cross origin script access             | 57          | Feb 2 2017  |\n| [CVE-2017-5007](./chrome/CVE-2017-5007)                 | UXSS through bypassing `ScopedPageSuspender` with closing windows              | 55          | Dec 5 2016  |\n| [cr-656274](./chrome/cr-656274)                         | Cross-origin object leak via `fetch`                                           | 56 (canary) | Oct 15 2016 |\n| [cr-594383](./chrome/cr-594383)                         | UXSS via `window.open()` via `file://` pages                                   | 54          | Oct 15 2016 |\n| [CVE-2016-5207](./chrome/CVE-2016-5207)                 | UXSS via fullscreen element updates                                            | 54          | Oct 14 2016 |\n| [CVE-2016-5204](./chrome/CVE-2016-5204)                 | UXSS by intercepting a UA shadow tree                                          | 52          | Jul 24 2016 |\n| [CVE-2016-1676](./chrome/CVE-2016-1676)                 | Persistent UXSS via 
`SchemaRegistry`                                           | 50          | Apr 19 2016 |\n| [CVE-2016-1667](./chrome/CVE-2016-1667)                 | UXSS through adopting image elements                                           | 50          | Apr 21 2016 |\n| [CVE-2016-1674](./chrome/CVE-2016-1674)                 | UXSS via the interception of `Binding` with `Object.prototype.create`          | 49          | Mar 26 2016 |\n| [CVE-2016-1673](./chrome/CVE-2016-1673)                 | UXSS using a `FrameNavigationDisabler` bypass                                  | 49          | Mar 24 2016 |\n| [cr-583445](./chrome/cr-583445)                         | UXSS in `DocumentLoader::createWriterFor`                                      | 48          | Feb 2 2016  |\n| [CVE-2016-1631](./chrome/CVE-2016-1631)                 | UXSS using Flash message loop                                                  | 47          | Dec 14 2015 |\n| [CVE-2015-6770](./chrome/CVE-2015-6770)                 | UXSS using `document.adoptNode`                                                | 45          | Oct 8 2015  |\n| [CVE-2015-6769](./chrome/CVE-2015-6769)                 | UXSS via the `unload_event` module                                             | 45          | Sep 22 2015 |\n| [CVE-2015-6765](./chrome/CVE-2015-6765)                 | UXSS via `ContainerNode::parserInsertBefore`                                   | 44          | Aug 11 2015 |\n| [CVE-2015-1268](./chrome/CVE-2015-1268)                 | UXSS using IDBKeyRange static methods                                          | 43          | May 31 2015 |\n| [CVE-2014-1747](./chrome/CVE-2014-1747)                 | UXSS via local MHTML files                                                     | 35          | Dec 25 2013 |\n| [CVE-2014-1701](./chrome/CVE-2014-1701)                 | UXSS via `dispatchEvent` on iframes                                            | 32          | Feb 11 2014 |\n| 
[CVE-2011-2856](./chrome/CVE-2011-2856)                 | Arbitrary cross-origin bypass using `__defineGetter__` prototype override      | 15          | Aug 18 2011 |\n| [CVE-2011-3243](./chrome/CVE-2011-3243)                 | Universal XSS using `contentWindow.eval`                                       | 12          | May 24 2011 |\n| [CVE-2011-1438](./chrome/CVE-2011-1438)                 | bypass SOP with `blob:`                                                        | 11          | Mar 2 2011  |\n| [cr-74372](./chrome/cr-74372)                           | `chrome://blob-internals/` XSS                                                 | 11          | Feb 28 2011 |\n| [cr-37383](./chrome/cr-37383)                           | `javascript:` url with a leading NULL byte can bypass cross origin protection. | ?           | Mar 4 2010  |\n\n## IE/Edge\n\n| CVE/id                                                                                                           | version/date | reporter |\n| ---------------------------------------------------------------------------------------------------------------- | ------------ | -------- |\n| [CVE-2015-0072](https://github.com/dbellavista/uxss-poc), [alternative PoC](https://github.com/wjessop/UXSS_PoC) |              |          |\n\n## Articles\n\n* (RU) [Комикс о UXSS в Safari и Chrome](https://bo0om.ru/chrome-and-safari-uxss) - CVE-2017-5124 + CVE-2017-7089\n* [Analysis on Internet Explorer's UXSS](https://blog.innerht.ml/ie-uxss/) - CVE-2015-0072\n* [Universal XSS via Evernote WebClipper](https://blog.xpnsec.com/evernote-webclipper-uxss/)\n* [Mobile Browsers Security: iOS](https://www.syscan360.org/slides/2014_EN_MobileBrowsersSecurityiOS_LukaszPilorzPawelWylecial.pdf)\n* [SOP bypass / UXSS – Stealing Credentials Pretty Fast (Edge)](https://www.brokenbrowser.com/sop-bypass-uxss-stealing-credentials-pretty-fast/) - May 10, 2017\n* [Grabbing data from Inputs and Textareas 
(Edge/IE)](https://www.brokenbrowser.com/grabdatafrominput/) - Aug 28, 2016\n* [Exploring and Exploiting iOS Web Browsers](http://bofh.nikhef.nl/events/HitB/hitb-2014-amsterdam/praatjes/D2T2-Exploring-and-Exploiting-iOS-Web-Browsers.pdf) - Łukasz Pilorz, Marek Zmysłowski, Hack In The Box, Amsterdam 2014\n* https://leucosite.com blog by [@Qab](https://twitter.com/Qab)\n* [BrokenBrowser](https://www.brokenbrowser.com) blog:\n  * https://www.brokenbrowser.com/revealing-the-content-of-the-address-bar-ie/\n  * https://www.brokenbrowser.com/sop-bypass-uxss-tweeting-like-charles-darwin/\n  * https://www.brokenbrowser.com/sop-bypass-abusing-read-protocol/\n  * https://www.brokenbrowser.com/microsoft-edge-detecting-installed-extensions/\n  * https://www.brokenbrowser.com/free-ticket-to-the-intranet-zone/\n  * https://www.brokenbrowser.com/uxss-ie-domainless-world/\n  * https://www.brokenbrowser.com/bypass-the-patch-to-keep-spoofing-the-address-bar-with-the-malware-warning/\n  * https://www.brokenbrowser.com/zombie-alert/\n  * https://www.brokenbrowser.com/uxss-ie-htmlfile/\n  * https://www.brokenbrowser.com/uxss-edge-domainless-world/\n  * https://www.brokenbrowser.com/abusing-of-protocols/\n  * https://www.brokenbrowser.com/loading-insecure-content-in-secure-pages/\n  * https://www.brokenbrowser.com/detecting-local-files-to-evade-analysts/\n  * https://www.brokenbrowser.com/workers-sop-bypass-importscripts-and-basehref/\n  * https://www.brokenbrowser.com/detecting-apps-mimetype-malware/\n  * https://www.brokenbrowser.com/referer-spoofing-defeating-xss-filter/\n  * https://www.brokenbrowser.com/css-history-leak/\n  * https://www.brokenbrowser.com/grabdatafrominput/\n\n## Whitepapers\n\n* [X41: Browser Security White Paper](https://browser-security.x41-dsec.de/X41-Browser-Security-White-Paper.pdf) + [website](https://www.x41-dsec.de/security/report/whitepaper/2017/09/18/whitepaper-x41-browser-security/) + [repo](https://github.com/x41sec/browser-security-whitepaper-2017)\n* 
[The Definitive Guide to Same-origin Policy](https://www.netsparker.com/whitepaper-same-origin-policy/)\n* [On the Security of the SOP-DOM Using HTML and JavaScript Code](http://your-sop.com/more-stuff/subsequent-work/On_the_Security_of_the_SOP-DOM_Using_HTML_and_JavaScript_Code.pdf)\n* [Same-Origin Policy: Evaluation in Modern Browsers](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-schwenk.pdf) + [slides](https://www.usenix.org/sites/default/files/conference/protected-files/usenixsecurity17_slides_marcus_niemietz.pdf) + [talk](https://youtu.be/-dz_V0fqUnw) + [your-sop.com](http://your-sop.com)\n* [Google Browser Security Handbook](https://ru.scribd.com/document/135631086/Google-Browser-Security-Handbook)\n* [A Security Study of Chrome’s Process-based Sandboxing](http://www.comp.nus.edu.sg/~tsunami/papers/ChromeDOP.pdf)\n* [A Systematic Approach to Uncover Security Flaws in GUI Logic](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/GUILogicSecurity.pdf)\n* [JSON hijacking](https://www.owasp.org/images/6/6a/OWASPLondon20161124_JSON_Hijacking_Gareth_Heyes.pdf)\n* [Bypassing the Same Origin Policy - The Browser Hacker\u0026rsquo;s Handbook (2014)](http://apprize.info/security/browser/5.html)\n\n## Browser hacking guides and design docs\n\n### Firefox\n\n* [7 Tips for Fuzzing Firefox More Effectively](https://blog.mozilla.org/security/2012/06/20/7-tips-for-fuzzing-firefox-more-effectively/)\n\n### Tor\n\n* [The Tor Browser Hacking Guide](https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking)\n* [The Design and Implementation of the Tor Browser [DRAFT]](https://www.torproject.org/projects/torbrowser/design/)\n\n### Brave\n\n* [Brave browser repo](https://github.com/brave/browser-laptop)\n* [Component Structure](https://github.com/brave/browser-laptop/blob/master/docs/componentStructure.md)\n* [Directory Structure](https://github.com/brave/browser-laptop/blob/master/docs/directoryStructure.md)\n* 
[State](https://github.com/brave/browser-laptop/blob/master/docs/state.md) - similar to Redux state concept, but just an ImmutableJS object\n* [How to work with crashes](https://github.com/brave/browser-laptop/wiki/Crashes)\n\n### Chromium\n\n* [How Chromium Displays Web Pages](https://www.chromium.org/developers/design-documents/displaying-a-web-page-in-chrome)\n* [Chromium: Multi-process Architecture](https://www.chromium.org/developers/design-documents/multi-process-architecture)\n* [Site Isolation Design Document](https://www.chromium.org/developers/design-documents/site-isolation)\n* [Threading and Tasks in Chrome](https://chromium.googlesource.com/chromium/src/+/master/docs/threading_and_tasks.md)\n* [Important Abstractions and Data Structures](https://www.chromium.org/developers/coding-style/important-abstractions-and-data-structures)\n\n### Webkit\n\n* [Core WebKit Classes](https://developer.apple.com/library/content/documentation/Cocoa/Conceptual/DisplayWebContent/Concepts/WebKitDesign.html)\n* [Webkit docs on developer.apple.com](https://developer.apple.com/documentation/webkit)\n\n### Electron\n\n* [Modern Alchemy: Turning XSS into RCE](https://blog.doyensec.com/2017/08/03/electron-framework-security.html)\n* [Electron Security Checklist ](https://www.blackhat.com/docs/us-17/thursday/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf)\n\n\n## Specs\n\n* [W3C Suborigins [DRAFT]](https://w3c.github.io/webappsec-suborigins/)\n* [W3C Service Workers Nightly](https://w3c.github.io/ServiceWorker/)\n* [ECMA 262](https://www.ecma-international.org/publications/files/ECMA-ST/Ecma-262.pdf)\n\n## Bounties\n\n* [Zerodium](https://zerodium.com/program.html)\n* [Tor](https://hackerone.com/torproject)\n* [Chrome](https://www.google.com/about/appsecurity/chrome-rewards/)\n* [Brave](https://hackerone.com/brave)\n* [SSD](https://www.beyondsecurity.com/ssd.html)\n* [MS Edge](https://technet.microsoft.com/en-us/mt761990.aspx)\n\n## Misc\n\n* 
[NodeFuzz](https://code.google.com/archive/p/ouspg/wikis/NodeFuzz.wiki) - web browser fuzzer\n* [brave/Muon](https://github.com/brave/muon) - Build browsers and browser like applications with HTML, CSS, and JavaScript (part of the Brave's bug bounty)\n* https://ios.browsr-tests.com - list of SOP bypasses in iOS\n* https://github.com/rafaybaloch/SOP-Bypass-Mini-Test-Suite - list of SOP bypasses\n* [ref_fuzz](https://lcamtuf.blogspot.com/2010/06/announcing-reffuzz-2yo-fuzzer.html) fuzzer - [source code](http://lcamtuf.coredump.cx/ref_fuzz5.html)\n* [javascript - Ways to circumvent the same-origin policy - Stack Overflow](https://stackoverflow.com/questions/3076414/ways-to-circumvent-the-same-origin-policy) - document.domain, window.postMessage, CORS, reverse proxy( + jsonp)\n* Slides about cookie security - [Cookie same origin policy](https://crypto.stanford.edu/cs142/lectures/10-cookie-security.pdf)\n* [PortSwigger/hackability](https://github.com/PortSwigger/hackability) - \"Devtools\" for browser security. 
(useful for less known browsers)\n\n\n## Scripts\n\n```bash\n  # Export `js-vuln-db` repo CVEs to html\n  bash ./scripts/js-vuln-db-to-format.sh html\n  # Export `js-vuln-db` repo CVEs to js\n  bash ./scripts/js-vuln-db-to-format.sh js\n```\n\n## Author\n\nVladimir Metnew \u003cmailto:vladimirmetnew@gmail.com\u003e\n\n## LICENSE\n\nMIT\n\n## TODO\n\n* Add these bugs:\n  * [Pwn2Own: content: scheme allows cross-origin info leaks](https://bugs.chromium.org/p/chromium/issues/detail?id=659489)\n  * [Use-after free in leveldb](https://bugs.chromium.org/p/chromium/issues/detail?id=88944)\n  * [Security: UaF in MidiHost round 2 (JS -\u003e Browser code execution)](https://bugs.chromium.org/p/chromium/issues/detail?id=576383)\n  * https://bugs.chromium.org/p/chromium/issues/detail?id=419383\n  * https://github.com/mpgn/ByP-SOP\n  * http://unsafe.cracking.com.ar/demos/edgedatametadata/bing.html\n  * https://bugs.chromium.org/p/chromium/issues/detail?id=666246\n  * http://www.cracking.com.ar/demos/workerleak/\n  * http://www.cracking.com.ar/demos/xmldom/\n  * http://unsafe.cracking.com.ar/demos/sandboxedge/\n  * https://www.cracking.com.ar/demos/sop-ax-htmlfile/injectiframexdom.html\n  * [438085 - Security: SOP bypass via DNS-Rebind (including PoC) - chromium - Monorail](https://bugs.chromium.org/p/chromium/issues/detail?id=438085)\n  * [demonic_browsers.pdf](https://research.aurainfosec.io/assets/demonic_browsers.pdf)\n  * [JSON hijacking for the modern web | Blog](https://portswigger.net/blog/json-hijacking-for-the-modern-web)\n  * [Pwnfest 2016 meta bug](https://bugs.chromium.org/p/chromium/issues/detail?id=664551)\n  * https://bugs.chromium.org/p/chromium/issues/detail?id=682020\n  * https://blog.jeremiahgrossman.com/2006/08/i-know-where-youve-been.html - that web 1.0 
thing\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmetnew%2Fuxss-db","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmetnew%2Fuxss-db","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmetnew%2Fuxss-db/lists"}