CVE-2020-12407

Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox 77...

CVE-2020-12409

When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox 77...

CVE-2020-12388

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox ESR 68.8 and Firefox 76...

CVE-2020-6463

Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2020-12396

Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 76...

The vulnerability of the V8 component in Google Chrome browsers allows a hacker to gain unauthorized access to confidential data, cause service failures, or compromise data integrity.

The vulnerability of Google Chrome’s V8 component relates to access to data without type control. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to confidential data, cause service failures, or compromise data integrity through a specially created HTML page...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine, related to the execution of operations beyond the buffer in memory, allows attackers to trigger a service failure.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to incorrect implementation of the engine. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVE-2020-12395

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

Ubuntu: Security Advisory (USN-4347-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Node-rules Arbitrary Code Execution Vulnerability

Node-rules is a lightweight forward linking rules engine written in JavaScript. An arbitrary code execution vulnerability exists in Node-rules. The vulnerability can be exploited to inject arbitrary commands using the "fromJSON" function...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine, related to memory management after memory is freed, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of Google Chrome’s V8 browser kernel relates to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine, related to memory management after memory is freed, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to a memory management error after the memory is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

Google Chrome Code Execution Vulnerability (CNVD-2020-22855)

Google Chrome is a web browser of Google Google, U.S. V8 is one of the open source JavaScript engine. A security vulnerability exists in V8 in versions of Google Chrome prior to 81.0.4044.92. A remote attacker can exploit the vulnerability to execute arbitrary code or cause a denial of service wi...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine, related to reading beyond the buffer in memory, allows attackers to gain unauthorized access to sensitive information.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to reading beyond the buffer in memory. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to information through a specially created HTML page...

UBUNTU-CVE-2020-6448

Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 browser allows attackers to compromise data integrity, cause service failures, or gain unauthorized access to confidential information.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 browser is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to compromise data integrity, cause service failures, or gain unauthorized access to...

CVE-2020-6819

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

chromium-browser: Inappropriate implementation in V8

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2020-6426

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Microsoft Patch Tuesday March 2020: a new record was set, SMBv3 “Wormable” RCE and updates for February goldies

SMBv3 "Wormable" RCE Without a doubt, the hottest Microsoft vulnerability in March 2020 is the "Wormable" Remote Code Execution in SMB v3 CVE-2020-0796. The most commonly used names for this vulnerability are EternalDarkness, SMBGhost and CoronaBlue. There was a strange story of how it was...