74 matches found
CVE-2018-5122
CVE-2018-5122 : A potential integer overflow in the WebCrypto DoCrypt function could lead to an out-of-bounds write. Affected product is Mozilla Firefox prior to version 58. This is documented across sources referencing Firefox WebCrypto vulnerability details and MFSA advisory context, confirming...
CVE-2018-5122
A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox 58...
CVE-2017-7822
The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox 56...
Mozilla Firefox WebCrypto Out-of-Bounds Write Vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. WebCrypto is one of the encryption components. A security vulnerability exists in the 'DoCrypt' function of WebCrypto in versions of Mozilla Firefox prior to 58. A remote attacker could exploit this...
UBUNTU-CVE-2018-5122
A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox 58...
CVE-2018-5122
A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox 58...
EmbedInHTML - Embed and hide any file in an HTML file
What this tool does is taking a file any type of file, encrypt it, and embed it into an HTML file as ressource, along with an automatic download routine simulating a user clicking on the embedded ressource. Then, when the user browses the HTML file, the embedded file is decrypted on the fly, save...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2017-32532)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in WebExtensions in versions of Mozilla Firefox prior to Mozilla Firefox 56, which stems from the implementation of AES-GCM in the WebCrypto API accepting an IV...
Security vulnerabilities fixed in Firefox 56 — Mozilla
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake addre...
Ubuntu 14.04 LTS / 16.04 LTS : Oxide vulnerabilities (USN-3058-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3058-1 advisory. An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker could potentially exploit this to...
USN-3058-1 oxide-qt vulnerabilities
An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker could potentially exploit this to spoof the currently displayed URL. CVE-2016-5141 A use-after-free was discovered in the WebCrypto implementation in Blink. If a user were tricked in to...
chromium-browser: Use-after-free in Blink
The Web Cryptography API aka WebCrypto implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted JavaScript code,...
CVE-2016-5142
The Web Cryptography API aka WebCrypto implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted JavaScript code,...
CVE-2016-5142
The CVE-2016-5142 entry describes a vulnerability in the Web Cryptography API (WebCrypto) implementation in Blink used by Google Chrome prior to 52.0.2743.116. The issue is a data buffer copy error in Blink (NormalizeAlgorithm.cpp and SubtleCrypto.cpp) that can cause a use-after-free, leading to ...