Memory Corruption Vulnerability in ChakraCore

ChakraCore is the core part of an open source ChakraJavaScript scripting engine used in the Edge browser or as a separate JavaScript engine . A memory corruption vulnerability exists in ChakraCore, which can be exploited by attackers to cause a denial of service...

chromium-browser: Type Confusion in V8

Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Fedora: Security Advisory for mozjs68 (FEDORA-2020-4334da4020)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Chrome V8 Buffer Overflow Vulnerability (CNVD-2020-32317)

Google Chrome is a web browser of Google Google, U.S. V8 is one of the open source JavaScript engine. A security vulnerability exists in V8 in versions of Google Chrome prior to 80.0.3987.162. A remote attacker can exploit this vulnerability to cause heap corruption with the help of specially...

Google Chrome V8 Buffer Overflow Vulnerability (CNVD-2020-32316)

Google Chrome is a web browser of Google Google, U.S. V8 is one of the open source JavaScript engine. A buffer overflow vulnerability exists in V8 in versions of Google Chrome prior to 81.0.4044.92. A remote attacker can exploit this vulnerability to cause heap corruption with the help of special...

Google Chrome V8 Information Disclosure Vulnerability (CNVD-2020-32315)

Google Chrome is a web browser of Google Google, U.S. V8 is one of the open source JavaScript engine. A security vulnerability exists in V8 in versions of Google Chrome prior to 14.0.0.0, which stems from the program failing to fully enforce policies. The vulnerability can be exploited by a remot...

UBUNTU-CVE-2020-6419

Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2020-12409

When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox 77...

CVE-2020-12407

Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox 77...

CVE-2020-12408

When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox 77...

CVE-2020-12388

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox ESR 68.8 and Firefox 76...

CVE-2020-6463

Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2020-12396

Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 76...

CVE-2020-12395

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

Ubuntu: Security Advisory (USN-4347-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Node-rules Arbitrary Code Execution Vulnerability

Node-rules is a lightweight forward linking rules engine written in JavaScript. An arbitrary code execution vulnerability exists in Node-rules. The vulnerability can be exploited to inject arbitrary commands using the "fromJSON" function...

Google Chrome Code Execution Vulnerability (CNVD-2020-22855)

Google Chrome is a web browser of Google Google, U.S. V8 is one of the open source JavaScript engine. A security vulnerability exists in V8 in versions of Google Chrome prior to 81.0.4044.92. A remote attacker can exploit the vulnerability to execute arbitrary code or cause a denial of service wi...

UBUNTU-CVE-2020-6448

Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2020-6819

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

chromium-browser: Inappropriate implementation in V8

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...