CVE-2016-3199

The Chakra JavaScript engine in Microsoft Edge is affected by CVE-2016-3199, described as a memory corruption vulnerability triggered by a crafted web site that can lead to remote code execution or a denial of service. Connected advisories (GHSA-VFJW-CRCQ-Q92V and GHSA-538H-6RV2-WMJ3) reference a...

Microsoft Edge Chakra JavaScript Scripting Engine Memory Corruption Vulnerability (CNVD-2016-04074)

Microsoft Edge is a web browser developed by Microsoft and is the default browser that comes with the Windows 10 operating system.Chakra JavaScript engine is a JavaScript engine component used by Edge web browser. A memory vulnerability exists in the way the Chakra JavaScript engine used in...

MS16-068: Cumulative Security Update for Microsoft Edge (3163656)

The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3163656. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists due to a failure to properly validate specially crafted documents. An...

chromium-browser: out-of-bounds read in v8

The regexp aka regular expression implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service out-of-bounds read via crafted JavaScript code...

chromium-browser: heap overflow in v8

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JavaScript code...

Microsoft Edge browser vulnerability, which allows a hacker to trigger a service failure or execute arbitrary code

The vulnerability of the Chakra JavaScript engine in Microsoft Edge browsers is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or trigger a service failure memory corruption through a specially crafted web page...

UBUNTU-CVE-2016-1678

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JavaScript code...

DEBIAN-CVE-2016-1669

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impa...

CVE-2016-0186

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0191 and CVE-2016-0193...

Memory corruption

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0193...

CVE-2016-0191

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0193...

CVE-2016-0186

CVE-2016-0186 affects the Microsoft Edge Chakra JavaScript Engine. The root cause is improper validation in Array.unshift/Array.shift, leading to memory corruption that can enable remote code execution or memory DoS via a crafted web page. The CVE is discussed alongside other Chakra vulnerabiliti...

CVE-2016-0191

CVE-2016-0191 concerns a memory corruption/remote code execution vulnerability in the Chakra JavaScript engine used by Microsoft Edge. The initial description states that a crafted website can trigger arbitrary code execution or a denial of service, but the connected documents do not supply concr...

Microsoft Chakra JavaScript Scripting Engine Memory Corruption Vulnerability (CNVD-2016-03020)

Microsoft Edge is a web browser developed by Microsoft and is the default browser that comes with the Windows 10 operating system.Chakra JScript engine is a JavaScript engine component used by IE and Edge web browser. A memory corruption vulnerability exists in the way the Microsoft Chakra...

Google Chrome Address Bar Forgery Vulnerability (CNVD-2016-02825)

Google Chrome is a popular web browser. Google Chrome V8 suffers from an address bar forgery vulnerability that allows remote attackers to exploit the vulnerability to build malicious WEB pages, trick users into parsing them, and spoof the address bar...

chromium-browser: information leak in v8

The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code...

DEBIAN-CVE-2016-2808

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...

CVE-2016-2808

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...

Out-of-bounds

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...

CVE-2016-2808

Vulnerability summary (CVE-2016-2808) : The watch() implementation in Firefox’s JavaScript engine can overflow the 32-bit generation counter of the underlying HashMap, causing a write to an invalid entry. This can enable remote attackers to execute arbitrary code or cause a denial of service when...