Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2017-03376)

Microsoft Edge is a web browser developed by Microsoft and is the default browser that comes with the Windows 10 operating system.Scripting Engine is one of the JavaScript engine components. A memory corruption vulnerability exists in the Scripting Engine component in Microsoft Edge. A remote...

Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2017-03377)

Microsoft Edge is a web browser developed by Microsoft and is the default browser that comes with the Windows 10 operating system.Scripting Engine is one of the JavaScript engine components. A memory corruption vulnerability exists in the Scripting Engine component in Microsoft Edge. A remote...

Microsoft Edge 38.14393.0.0 - JavaScript Engine Use-After-Free

f.onload = null; for var x in window if whitelist.indexOfx != -1 continue; try window.lookupGetterx.callf.contentWindow; logx; catch e ; f.src = "https://abc.xyz/"; document.body.appendChildf; And after some plays, finally reached an UAF condition. PoC is attached. RIP will jump into the freed JI...

chromium-browser: information disclosure in v8

V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page...

Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0067)

A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted file...

Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0094)

A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0133)

A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted file...

Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0071; CVE-2017-8548)

A use after free vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker can exploit this vulnerability by enticing the target user to open a specially crafted web page...

Google Chrome 57 Browser Update Patches 'High' Severity Flaws

Google released an updated version of its Chrome browser on Thursday to fix nine high-severity vulnerabilities that if exploited could allow adversaries to take control of targeted systems. As part of the update, Google thanked nearly two dozen bug hunters with bug bounty payments totaling $38,00...

UBUNTU-CVE-2017-5030

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page...

UBUNTU-CVE-2017-5046

V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure...

USN-3200-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure.

The vulnerability of the V8 component in Google Chrome browsers arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a service failure through a specially created HTML page...

UBUNTU-CVE-2017-5012

A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

The vulnerability of Google Chrome browser allows a perpetrator to gain access to protected information.

The vulnerability of the V8 component in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to protected information through a specially created HTML page...

CVE-2016-5213

A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2016-5198

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page...

CVE-2016-10141

An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or...

Adobe Reader < 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01)

The version of Adobe Reader installed on the remote Windows host is a version prior to 15.006.30279 or 15.023.20053. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable...

Adobe Acrobat < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01)

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 11.0.19, 15.006.30279, or 15.023.20053. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an...