CVE-2020-26951

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability...

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

CVE-2020-26963

Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox 83...

Stack Overflow Out-of-Bounds Write Vulnerability in Microsoft ChakraCore

Microsoft ChakraCore is an open source ChakraJavaScript scripting engine used by Microsoft in the Edge browser, or as a stand-alone JavaScript engine. A stack overflow out-of-bounds write vulnerability exists in Microsoft ChakraCore. An attacker could exploit this vulnerability to cause a softwar...

Two New Chrome 0-Days Under Active Attacks – Update Your Browser

Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. The company released 86.0.4240.198 for Windows, Mac, and Linux, which it said will be rolling out over...

CVE-2020-26950

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2...

New Chrome Zero-Day Under Active Attacks – Update Your Browser

Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update. The company released 86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming...

DEBIAN-CVE-2020-15979

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2020-16006

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Google Chrome V8 Improperly Implemented Vulnerability

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A V8 mal-implementation vulnerability exists in versions prior to Google Chrome 86.0.4240.183. A remote attacker could potentially exploit this vulnerability to cau...

CVE-2020-15684

Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 82...

CVE-2020-15681

When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox 82...

CVE-2020-15667

When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controll...

Announcing the Fuzzilli Research Grant Program

Posted by Samuel Groß, Project Zero Project Zero’s mission is to make 0-day hard in order to improve end-user security. We attack this problem in different ways, including supporting other security researchers. While Google currently offers research grants, they are limited to academics and those...

CVE-2020-15676

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

CVE-2020-15674

Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 81...

Google Chrome Type Obfuscation Vulnerability (CNVD-2020-53301)

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A type-obfuscation vulnerability exists in V8 in versions of Google Chrome prior to 85.0.4183.121. A remote attacker can exploit this vulnerability to conduct...

DEBIAN-CVE-2020-6537

Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

UBUNTU-CVE-2020-6537

Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

JITSploitation II: Getting Read/Write

Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...