4444 matches found
CVE-2022-22749
When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 96...
CVE-2022-46883
Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
CVE-2022-22746
A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird...
CVE-2022-46878
Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
Internet Explorer Zero-Day Vulnerability Exploited by APT 37
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary North Korean hackers identified as APT37 exploited a previously unknown Internet Explorer zero-day vulnerability to infect South Koreans, North Korean defectors, policymakers, journalists, and human righ...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to type conversion errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released
On Friday, December 2, Google rolled out an out-of-band patch for an actively exploited zero-day vulnerability in its V8 JavaScript engine. The flaw could allow attackers to cause a system crash or execute potentially malicious code. That means you'll want to update Chrome to patch against this...
Minor update (6) for Vivaldi Desktop Browser 5.5
Download Vivaldi The following improvements were made since the fifth 5.5 minor update: Chromium Backported fix: Type Confusion in V8 CVE-2022-4262 Main photo byCamilo Jimenez...
Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis...
DEBIAN-CVE-2022-4262
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Google addressed an array of bugs with Chrome 108
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chromes latest stable channel update for Windows, Mac, and Linux fixes several vulnerabilities. There are eight high-severity security flaws and 14 medium-severity flaws. The most significa...
UBUNTU-CVE-2022-4174
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2022-40129
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker...
CVE-2022-40129
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker...
CVE-2022-37332
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An attacker needs to...
CVE-2022-32774
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution...
CVE-2022-38097
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An...
CVE-2022-38097
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An...
Design/Logic Flaw
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker...
Design/Logic Flaw
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An attacker needs to...