4287 matches found
chromium-browser: heap overflow in v8
objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JavaScript code...
UBUNTU-CVE-2016-1678
objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JavaScript code...
DEBIAN-CVE-2016-1669
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impa...
CVE-2016-0186
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0191 and CVE-2016-0193...
Memory corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0193...
CVE-2016-0191
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0193...
CVE-2016-0186
CVE-2016-0186 affects the Microsoft Edge Chakra JavaScript Engine. The root cause is improper validation in Array.unshift/Array.shift, leading to memory corruption that can enable remote code execution or memory DoS via a crafted web page. The CVE is discussed alongside other Chakra vulnerabiliti...
CVE-2016-0191
CVE-2016-0191 concerns a memory corruption/remote code execution vulnerability in the Chakra JavaScript engine used by Microsoft Edge. The initial description states that a crafted website can trigger arbitrary code execution or a denial of service, but the connected documents do not supply concr...
Microsoft Chakra JavaScript Scripting Engine Memory Corruption Vulnerability (CNVD-2016-03020)
Microsoft Edge is a web browser developed by Microsoft and is the default browser that comes with the Windows 10 operating system.Chakra JScript engine is a JavaScript engine component used by IE and Edge web browser. A memory corruption vulnerability exists in the way the Microsoft Chakra...
Google Chrome Address Bar Forgery Vulnerability (CNVD-2016-02825)
Google Chrome is a popular web browser. Google Chrome V8 suffers from an address bar forgery vulnerability that allows remote attackers to exploit the vulnerability to build malicious WEB pages, trick users into parsing them, and spoof the address bar...
chromium-browser: information leak in v8
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code...
DEBIAN-CVE-2016-2808
The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...
CVE-2016-2808
The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...
Out-of-bounds
The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...
CVE-2016-2808
Vulnerability summary (CVE-2016-2808) : The watch() implementation in Firefox’s JavaScript engine can overflow the 32-bit generation counter of the underlying HashMap, causing a write to an invalid entry. This can enable remote attackers to execute arbitrary code or cause a denial of service when...
CVE-2016-2808
The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...
UBUNTU-CVE-2016-1665
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code...
UBUNTU-CVE-2016-2808
The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...
CVE-2016-1646
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted...
Google Fixes Four Critical Vulnerabilities in Latest Chrome Build
Google pushed out the latest version of Chrome Thursday afternoon, fixing five issues, four of them critical. The update remedies an out-of-bounds read in Chrome’s open source JavaScript engine V8, two use-after-free vulnerabilities – one in Navigation and one in Extensions – and a buffer overflo...