CVE-2016-3389

The CVE-2016-3389 entry concerns the Chakra JavaScript engine in Microsoft Edge. It describes memory corruption that can allow remote attackers to execute arbitrary code or cause a denial of service via a crafted website. The connected advisories reiterate the same description but do not provide ...

CVE-2016-3382

CVE-2016-3382 is linked to a Chakra-based memory corruption vulnerability affecting the scripting engines in Microsoft Internet Explorer 9–11 and Microsoft Edge. The related GitHub advisory notes an RCE/DoS scenario via a crafted web site, demonstrating exploitation through the Chakra JavaScript ...

CVE-2016-7189

CVE-2016-7189 affects the Chakra JavaScript engine in Microsoft Edge. The connected sources describe a remote code execution vulnerability triggered by visiting a crafted web page, stemming from improper handling of objects in memory. The impact is high (RCE), with attack vector over the network ...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based...

Microsoft Scripting Engine Memory Corruption (MS16-119: CVE-2016-7194)

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way Chakra JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

KLA10885 Multiple vulnerabilities in Microsoft Edge and Internet Explorer

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information or gain privileges. Below is a complete list of vulnerabilities 1. An improper memory objects handlin...

Microsoft Edge Memory Corruption (MS16-119: CVE-2016-3386)

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way Chakra JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

Microsoft Edge Scripting Engine Memory Corruption (MS16-119: CVE-2016-7190)

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way Chakra JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

chromium-browser: use after free in v8

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service crash or possibly have unspecified other impact via unknown vectors...

UBUNTU-CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

Memory corruption

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3377...

CVE-2016-3377

CVE-2016-3377 affects the Chakra JavaScript engine in Microsoft Edge. The vulnerability involves memory corruption in the scripting engine when handling objects, exploitable by remote attackers via a crafted website, potentially enabling remote code execution or a denial-of-service. Connected doc...

CVE-2016-3350

The CVE-2016-3350 entry concerns the Chakra JavaScript engine in Microsoft Edge. It describes a memory corruption vulnerability in the Chakra engine that could allow remote code execution or a denial of service via a specially crafted website. Connected sources corroborate a Chakra memory corrupt...

Microsoft Edge Multiple Vulnerabilities (3183043)

This host is missing a critical security update according to Microsoft Bulletin MS16-105 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1028)

This update for MozillaFirefox, mozilla-nss fixes the following issues : Changes in MozillaFirefox : - Mozilla Firefox 48.0.1 : - Fixed an audio regression impacting some major websites bmo1295296 - Fix a top crash in the JavaScript engine bmo1290469 - Fix a startup crash issue caused by Websense...

openSUSE Security Update : Firefox (openSUSE-2016-1019)

This update includes Firefox 48.0.1 to fix a few regressions and a security issue : - Fix an audio regression impacting some major websites - Fix a top crash in the JavaScript engine - Fix a startup crash issue caused by Websense - Fix a different behavior with e10s / non-e10s on select and mouse...

CVE-2016-3296

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."...

[SECURITY] Fedora 24 Update: v8-3.14.5.10-25.fc24

V8 is Google's open source JavaScript engine. V8 is written in C++ and is u sed in Google Chrome, the open source browser from Google. V8 implements ECMASc ript as specified in ECMA-262, 3rd edition...

chromium-browser: memory corruption in v8

Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted JavaScript code...

chromium-browser: same-origin bypass in v8

objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...