[ASA-201703-3] firefox: multiple issues

Arch Linux Security Advisory ASA-201703-3 ========================================= Severity: Critical Date : 2017-03-10 CVE-ID : CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410...

The vulnerability of the Mac OS X operating system, which allows a perpetrator to gain access to protected information

The vulnerability of the IOAcceleratorFamily component in the Mac OS X operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an intruder, acting locally, to gain access to protected information about the kernel’s memory layout using...

The vulnerability of the Mac OS X operating system, which allows a perpetrator to gain access to protected information

The vulnerability of the IOSurface component in the Mac OS X operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an intruder, acting locally, to gain access to protected information about the kernel’s memory layout using uncertain vector...

UBUNTU-CVE-2017-5413

A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox 52 and Thunderbird 52...

CVE-2017-5413

A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox 52 and Thunderbird 52...

DEBIAN-CVE-2015-2877

Kernel Samepage Merging KSM in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection CAIN attack. NOTE: the vendor states "Basically ...

Microsoft Internet Explorer and Edge Remote Code Execution Vulnerability (CNVD-2017-02514)

Microsoft Internet Explorer is the default browser that comes with operating systems prior to Windows 10, and Microsoft Edge is the default browser that comes with the latest operating system, Windows 10. The 'Layout::MultiColumnBoxBuilder:. HandleColumnBreakOnColumnSpanningElement' function has ...

CVE-2017-0037

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheet...

Microsoft Edge / Internet Explorer HandleColumnBreakOnColumnSpanningElement Type Confusion Exploit

Microsoft Edge and Internet Explorer suffer from a type confusion in HandleColumnBreakOnColumnSpanningElement. Microsoft Edge and IE: Type confusion in HandleColumnBreakOnColumnSpanningElement CVE-2017-0037 PoC: .class1 float: left; column-count: 5; .class2 column-span: all; columns: 1px; table...

Google Chrome: out-of-bound read in layout

Chrome bug: https://bugs.chromium.org/p/chromium/issues/detail?id=671328 PoC: content contain: size layout; function leak document.execCommand"selectAll"; opt.text = ""; aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Infoleak is demonstrated in th...

The ASLR protection mechanism is a breakthrough attack technical analysis-vulnerability warning-the black bar safety net

Recently, hardware-based attacks have been started by Rowhammer memory leaks or bypass the address space layout randomization protection mechanisms to attack the system, these attacks are based on the processor's memory management unit MMU with a page table interactive interactive manner. These...

Microsoft Office PowerPoint 2010 - MSO!Ordinal5429 Missing Length Check Heap Corruption Exploit

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=949 Platform: Microsoft Office 2010 on Windows 7 x86 Class: heap memory corruption The following crash was observed in Microsoft Office 2010 running under Windows 7 x86 with...

Google Chrome - 'layout' Out-of-Bounds Read

content contain: size layout; function leak document.execCommand"selectAll"; opt.text = ""; aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...

Google Chrome - layout Out-of-Bounds Read

Google Chrome - layout Out-of-Bounds Read content contain: size layout; function leak document.execCommand"selectAll"; opt.text = ""; aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...

Google Chrome - layout Out-of-Bounds Read Vulnerability

Exploit for multiple platform in category dos / poc content contain: size layout; function leak document.execCommand"selectAll"; opt.text = ""; aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 0day.today 2018-03-20...

Microsoft Office PowerPoint 2010 - MSO!Ordinal5429 Missing Length Check Heap Corruption

Microsoft Office PowerPoint 2010 - MSO!Ordinal5429 Missing Length Check Heap Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=949 Platform: Microsoft Office 2010 on Windows 7 x86 Class: heap memory corruption The following crash was observed in Microsoft Office 2010...

CVE-2016-7714

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors...

CVE-2017-2357

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app...

CVE-2016-7714

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors...

CVE-2016-7624

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors...