1109 matches found
Arbitrary Code Execution
babel is vulnerable to Arbitrary Code Execution . An attacker can trick a user into compiling malicious code which can lead to code injection during compilation, when using specific plugins that rely on internal babel methods. This can lead to bypass of several protection mechanisms posed by the...
UBUNTU-CVE-2023-45133
Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...
CVE-2023-39323
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
Design/Logic Flaw
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
Mozilla: Use-after-free in Ion Compiler
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...
Mozilla: Use-after-free in Ion Compiler
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6404-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6404-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...
Denial Of Service (DoS)
firefox-esr is vulnerable to Denial Of Service DoS. This vulnerability occurs during log compilation. A Garbage Collection could lead to a use-after-free condition, enabling an attacker to write two NUL bytes and potentially trigger a crash that could be exploitable...
CVE-2023-5171
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3...
CVE-2023-5171
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3...
Design/Logic Flaw
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3...
CVE-2023-5171
CVE-2023-5171 describes a use-after-free in the Ion compiler’s garbage collection that could allow memory corruption and a potentially exploitable crash, by allowing an attacker to write two NUL bytes. Affected products include Firefox and Thunderbird: Firefox ≤ 117.x (with ESR ≤ 115.3) prior to ...
CVE-2023-5171
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3...
CVE-2023-5171
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3...
CVE-2023-5171
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3...
CVE-2023-5171
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3...
CVE-2023-5171
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...
Mozilla Firefox < 118.0
The version of Firefox installed on the remote Windows host is prior to 118.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-41 advisory. - Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidenc...
Important: firefox
Issue Overview: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1. CVE-2023-4045 In some...
Medium: ruby
Issue Overview: A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice. CVE-2022-28738 A buffer overrun vulnerability was foun...