61 matches found
Mozilla: Use-after-free when handling a ReadableStream
A flaw was found in Mozilla's Firefox. A race condition can occur when handling a ReadableStream, causing a use-after-free memory issue. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Critical: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2020-6820
A flaw was found in Mozilla's Firefox. A race condition can occur when handling a ReadableStream, causing a use-after-free memory issue. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Security fix for the ALT Linux 10 package firefox-esr version 68.6.1-alt1
April 4, 2020 Andrey Cherepanov 68.6.1-alt1 - New ESR version 68.6.1. - Fixed: + CVE-2020-6819 Use-after-free while running the nsDocShell destructor + CVE-2020-6820 Use-after-free when handling a ReadableStream...
CVE-2020-6820
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...
Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1 — Mozilla
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of...
UBUNTU-CVE-2020-6820
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...
VulnCheck KEV: CVE-2020-6820
Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts...
Google Chrome / Chromium 'ReadableStream' Type Obfuscation Vulnerability
Chromium is a web browser led by Google. Google Chrome is a simple and convenient web browsing tool developed by Google. Google Chrome / Chromium 'ReadableStream' type obfuscation vulnerability can be exploited by attackers to cause 'ReadableStream' internal object disclosure...
Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion
JSPromise::TriggerPromiseReactionsIsolate isolate, Handle reactions, Handle argument, PromiseReaction::Type type DCHECKreactions-IsSmi || reactions-IsPromiseReaction; // We need to reverse the reactions here, since we record them // on the JSPromise in the reverse order. DisallowHeapAllocation...
Google Chrome 72.0.3626.96 74.0.3702.0 - JSPromise::TriggerPromiseReactions Type Confusion
Google Chrome 72.0.3626.96 74.0.3702.0 - JSPromise::TriggerPromiseReactions Type Confusion JSPromise::TriggerPromiseReactionsIsolate isolate, Handle reactions, Handle argument, PromiseReaction::Type type DCHECKreactions-IsSmi || reactions-IsPromiseReaction; // We need to reverse the reactions her...
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - ReadableStream Internal Object Leak Type Confusi
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - ReadableStream Internal Object Leak Type Confusion binding // These values are only used when serialization is enabled. if !RuntimeEnabledFeatures::TransferableStreamsEnabled return; v8::Local global = scriptstate-GetContext-Global; v8::Local...
Google Chrome 73.0.3683.39 Chromium 74.0.3712.0 - ReadableStream Internal Object Leak Type Confusion
Google Chrome 73.0.3683.39 Chromium 74.0.3712.0 - ReadableStream Internal Object Leak Type Confusion binding // These values are only used when serialization is enabled. if !RuntimeEnabledFeatures::TransferableStreamsEnabled return; v8::Local global = scriptstate-GetContext-Global; v8::Local...
Google Chrome 72.0.3626.96 / 74.0.3702.0 - JSPromise::TriggerPromiseReactions Type Confusion
JSPromise::TriggerPromiseReactionsIsolate isolate, Handle reactions, Handle argument, PromiseReaction::Type type DCHECKreactions-IsSmi || reactions-IsPromiseReaction; // We need to reverse the reactions here, since we record them // on the JSPromise in the reverse order. DisallowHeapAllocation...
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion
binding // These values are only used when serialization is enabled. if !RuntimeEnabledFeatures::TransferableStreamsEnabled return; v8::Local global = scriptstate-GetContext-Global; v8::Local context = scriptstate-GetContext; v8::Isolate isolate = scriptstate-GetIsolate; const auto ObjectGet =...
Chrome JSPromise::TriggerPromiseReactions Type Confusion
Chrome: Type confusion in JSPromise::TriggerPromiseReactions VULNERABILITY DETAILS ==1. TriggerPromiseReactions== https://cs.chromium.org/chromium/src/v8/src/objects.cc?rcl=d24c8dd69f1c7e89553ce101272aedefdb41110d&l=5975 Handle JSPromise::TriggerPromiseReactionsIsolate isolate, Handle reactions,...
WebKit constructJSReadableStreamDefaultReader Type Confusion
WebKit: Type confusion in constructJSReadableStreamDefaultReader CVE-2017-2457 EncodedJSValue JSCHOSTCALL constructJSReadableStreamDefaultReaderExecState& exec VM& vm = exec.vm; auto scope = DECLARETHROWSCOPEvm; JSReadableStream stream = jsDynamicDowncastexec.argument0; if !stream return...
Apple WebKit 10.0.2(12602.3.12.0.1, r210800) - constructJSReadableStreamDefaultReader Type Confusion
Exploit for multiple platform in category web applications exec.argument0; if !stream return throwArgumentTypeErrorexec, scope, 0, "stream", "ReadableStreamReader", nullptr, "ReadableStream"; JSValue jsFunction = stream-get&exec, Identifier::fromString&exec, "getReader"; let rs = new...
WebKit: Type confusion in constructJSReadableStreamDefaultReader(CVE-2017-2457)
EncodedJSValue JSCHOSTCALL constructJSReadableStreamDefaultReaderExecState& exec VM& vm = exec.vm; auto scope = DECLARETHROWSCOPEvm; JSReadableStream stream = jsDynamicDowncastexec.argument0; if !stream return throwArgumentTypeErrorexec, scope, 0, "stream", "ReadableStreamReader", nullptr,...