PT-2023-3582 · Google +3 · Google Chrome +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 113.0.5672.126 Description: The issue is related to type confusion in the V8 JavaScript engine, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the...

QuickJS 缓冲区错误漏洞

QuickJS is a small and embeddable Javascript engine. A security vulnerability exists in QuickJS, which is caused by a stack overflow...

CVE-2023-32212

An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

CVE-2023-32210

Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability...

CVE-2023-32211

A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

CVE-2023-32205

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

CVE-2023-32216

Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

UBUNTU-CVE-2023-30087

Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjsmkstring function in mjs.c...

UBUNTU-CVE-2023-30088

An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjsexecute function in mjs.c...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS version v.1.26. An attacker has...

PT-2023-22311 · Cesanta · Cesanta Mjs

Name of the Vulnerable Software and Affected Versions: Cesanta MJS version 2.20.0 Description: The issue is related to a SEGV vulnerability via mjs ffi cb free at src/mjs ffi.c, which can lead to a Denial of Service DoS. Recommendations: For Cesanta MJS version 2.20.0, consider disabling the mjs...

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue ...

Cesanta MJS Denial of Service Vulnerability (CNVD-2023-29378)

Cesanta MJS is a JavaScript engine designed for microcontrollers with limited resources. Cesanta MJS version 2.20.0 contains a denial of service vulnerability that can be exploited by attackers to launch a denial of service attack...

Cesanta MJS 安全漏洞

Cesanta MJS is a JavaScript engine designed for microcontrollers with limited resources. Cesanta MJS version 2.20.0 contains a denial of service vulnerability that can be exploited by attackers to launch a denial of service attack...

CVE-2023-29535

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and...

CVE-2023-29536

An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for...

CVE-2023-29533

A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 112, Focus for Android 112,...

CVE-2023-29537

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVE-2023-29547

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for...

PT-2023-7318 · Nginx · Nginx Njs

Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.10 Description: The issue is related to a segmentation violation in the njs lvlhsh find function at src/njs lvlhsh.c and a memory reading issue in the js vmcode return function at src/njs vmcode.c. This could allow a...