SUSE CVE-2019-5853

Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Design/Logic Flaw

XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it's possible to store JavaScript which will be executed by anyone viewing the history of an attachment containing javascri...

nodejs: DNS rebinding in --inspect

A flaw was found in nodejs. A denial of service is possible when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS over the network. If the attacker controls the victim's DNS server or can spoof its response...

Microsoft Internet Explorer array Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2018-13313

In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript...

chromium-browser: Inappropriate implementation in JavaScript

Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2019-5857

Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

DEBIAN-CVE-2018-12386

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR 60.2.2 and Firefox 62.0.3...

Microsoft Chakra Typed Array Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Drupal Patches Critical Bug That Leaves Platform Open to XSS Attack

Drupal developers patched two critical vulnerabilities this week in versions 7 and 8 of its content management system platform. Overall, Drupal patched seven vulnerabilities including four rated moderately critical and two flaws rated less critical. The first of the critical flaws is a comment...

Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0223)

From Red Hat Security Advisory 2008:0223 : Updated SeaMonkey packages that fix a security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security...

acroread: multiple unspecified flaws (APSB12-08, APSB12-01)

The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors...

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

CVE-2011-2991

The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary...

thunderbird security update

CentOS Errata and Security Advisory CESA-2011:1165 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring...

firefox: keystrokes sent to hidden frame rather than visible frame due to javascript flaw

The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus metho...

Adobe Reader and Adobe Acrobat contain an unspecified flaw in a JavaScript method

Overview Adobe Reader and Acrobat contain an unspecified flaw in a JavaScript method, which can allow a remote, unauthenticated attacker to execute code on a vulnerable system. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes...

firefox security update

CentOS Errata and Security Advisory CESA-2008:0222 Updated firefox packages that fix a security bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web...

seamonkey security update

CentOS Errata and Security Advisory CESA-2008:0223-02 Updated seamonkey packages that fix a security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat...

RHEL 4 / 5 : firefox (RHSA-2008:0222)

Updated firefox packages that fix a security bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A flaw was found in the processing of...