[SECURITY] [DLA 1829-1] firefox-esr security update

Package : firefox-esr Version : 60.7.1esr-1deb8u1 CVE ID : CVE-2019-11707 Samuel Gross discovered a type confusion bug in the JavaScript engine of the Mozilla Firefox web browser, which could result in the execution of arbitrary code when browsing a malicious website. For Debian 8 "Jessie", this...

Debian: Security Advisory (DSA-4466-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Chrome V8 Security Bypass Vulnerability

Google Chrome is a web browser of Google Google, U.S. V8 is one of the open source JavaScript engine. A security vulnerability exists in V8 in versions of Google Chrome prior to 75.0.3770.80. An attacker can exploit this vulnerability to bypass security restrictions and gain unauthorized access t...

Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script

IonMonkey can, during a bailout, leak an internal JSOPTIMIZEDOUT magic value to the running script. This magic value can then be used to achieve memory corruption. Prerequisites Magic Values Spidermonkey represents JavaScript values with the C++ type JS::Value 1, which is a NaN-boxed value that c...

Chinese Spy Group Mixes Up Its Malware Arsenal with Brand-New Loaders

The Chinese-language cyber-espionage group known as APT10 has apparently added to its malware bag of tricks, with two never-before-seen malware loader variants used in April campaigns against government and private organizations in Southeast Asia. Also, the campaigns featured modified versions of...

CVE-2019-9821

A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox 67...

CVE-2019-9814

Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 67...

chromium-browser: Out of bounds read in V8

Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

chromium-browser: Memory corruption in V8

Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

chromium-browser: Out-of-bounds write in V8

Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Google Chrome V8 Out-of-Bounds Write Vulnerability

Google Chrome is a web browser of Google Google, U.S. V8 is one of the open source JavaScript engine. An out-of-bounds write vulnerability exists in V8 in versions prior to Google Chrome 74.0.3729.131. The vulnerability stems from a networked system or product that performs an operation in memory...

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

Same-Origin Policy Bypass

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

Authentication Bypass

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

Authentication Bypass

Mozilla Firefox is vulnerable to authentication bypass. It was found that the Firefox JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code...

Memory Corruption

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...

Stack-based Buffer Overflow

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...

Buffer Overflow

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...

CVE-2018-18510

The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service DOS attack by a malicious site which links to these pages. This vulnerabilit...

Google Chrome JavaScript Engine Denial of Service Vulnerability

Google Chrome is a web browser developed by Google Inc. A denial of service vulnerability exists in the Google Chrome JavaScript Engine engine, which can be exploited by an attacker to compromise the driver engine, resulting in a denial of service condition...