Mozilla: Out-of-bounds-read after mis-optimized switch statement
The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...
Mozilla Firefox: Remote code execution
Background: Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description: Invalid assumptions when emitting the MCallGetProperty opcode in the JavaScript JIT may result in a use-after-free condition. Impact: A remote attacker could possibly execute arbitrary code wi...
CVE-2018-12387
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content...
Apple WebKit Memory Corruption (CVE-2018-4233)
A remote code execution vulnerability exists in Apple WebKit. The vulnerability is due to memory corruption when handling objects in the JavaScript JIT. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted js webpage. Successful exploitation...
Security fix for the ALT Linux 10 package firefox-esr version 60.2.2-alt1
Oct. 2, 2018 Andrey Cherepanov 60.2.2-alt1 - New ESR version 60.2.2 - Fixed: + CVE-2018-12386 Type confusion in JavaScript + CVE-2018-12387 JavaScript JIT compiler inlines Array.prototype.push with multiple arguments...
Security vulnerabilities fixed in Firefox 62.0.3 and Firefox ESR 60.2.2 — Mozilla
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with...
Microsoft Edge Chakra JIT - NewScObjectNoCtor Array Type Confusion
Microsoft Edge Chakra JIT - NewScObjectNoCtor Array Type Confusion / This is similar to the previous issues 1457, 1459 MSRC 42551, MSRC 42552. If a JavaScript function is used as a constructor, it sets the new object's "proto" to its "prototype". The JIT compiler uses NewScObjectNoCtor instructio...
Mozilla Firefox ESR < 45.7 Multiple Vulnerabilities
Security update for MozillaFirefox, mozilla-nss (important)
This update to Mozilla Firefox 46.0 fixes several security issues and bugs boo977333. The following vulnerabilities were fixed: - CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39 boo977373 - CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39 boo977375 -...