pwn4fun Spring 2014 - Safari - Part I
Posted by Ian Beer. Back in March this year I entered the pwn4fun hacking contest at CanSecWest (http://www.pwn2own.com/2014/03/pwning-lulzand-charity/) targeting Safari running on a brand new MacBook Air. In this first post I’ll detail how I got code execution within the Safari renderer sandbox usi...
Avant Browser 11.7 Build 9 - JavaScript Engine Integer Overflow Vulnerability
source: http://www.securityfocus.com/bid/31155/info Avant Browser is prone to an integer-overflow vulnerability that occurs in the JavaScript engine. An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious site. Successfully exploiting this issue may allow...
openSUSE Security Update : v8 (openSUSE-SU-2013:0241-1)
The JavaScript engine V8 was updated to 3.16.4.0 to fix lots of bugs and security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-79. The text description of this plugin ...
openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4073)
Mozilla XULRunner 1.9.1 was updated to version 1.9.1.17, fixing various security issues. Following security issues were fixed: MFSA 2010-74 / CVE-2010-3777: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products...
UBUNTU-CVE-2014-3152
Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a...
Google Chrome < 35.0.1916.114 Multiple Vulnerabilities (Mac OS X)
The version of Google Chrome installed on the remote Mac OS X host is a version prior to 35.0.1916.114. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to 'styles' and 'SVG' handling. CVE-2014-1743, CVE-2014-1745 - An integer overflow error exis...
UBUNTU-CVE-2014-1736
Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value...
Google Chrome < 34.0.1847.131 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.131. It is, therefore, affected by the following vulnerabilities : - A buffer overflow error exists related to the included version of Flash Player. CVE-2014-0515 - Type confusion errors exist related to the...
Google Chrome < 34.0.1847.131 Multiple Vulnerabilities (Mac OS X)
The version of Google Chrome installed on the remote Mac OS X host is a version prior to 34.0.1847.131. It is, therefore, affected by the following vulnerabilities : - A buffer overflow error exists related to the included version of Flash Player. CVE-2014-0515 - Type confusion errors exist relat...
UBUNTU-CVE-2014-1717
Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code...
UBUNTU-CVE-2014-1729
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors...
UBUNTU-CVE-2014-1716
Cross-site scripting (XSS) vulnerability in the RuntimeSetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."...
Google Chrome V8 JavaScript Engine Memory Corruption (CVE-2014-1705)
A memory corruption vulnerability exists in Google Chrome. The vulnerability is due to an error while processing JavaScript code by the V8 JavaScript Engine. A remote attacker could exploit this vulnerability by enticing a user to open a malicious web page...
Google Chrome < 34.0.1847.116 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. CVE-2014-0506 - A buffer overflow...
Mozilla: Use-after-free in TypeObject (MFSA 2014-30)
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage...
CVE-2014-1512
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage...
Design/Logic Flaw
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage...
Firefox ESR 24.x < 24.4 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox ESR 24.x is prior to 24.4 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist that could lead to arbitrary code execution. CVE-2014-1493, CVE-2014-1494 - A flaw exists in the checkHandshake function due to improper...