NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2021-0154)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bound...

Internet Explorer jscript9.dll Memory Corruption

Internet Explorer: Memory corruption in jscript9.dll related to scope of the arguments object There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing attacker-controlled website in Internet Explorer. The vulnerability has been...

Mozilla: Type confusion for special arguments in IonMonkey

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR 78.1, Firefox 79, and Thunderbird 78.1...

Mozilla: Type confusion for special arguments in IonMonkey

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR 78.1, Firefox 79, and Thunderbird 78.1...

Mozilla: Type confusion for special arguments in IonMonkey

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR 78.1, Firefox 79, and Thunderbird 78.1...

CVE-2020-15656

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR 78.1, Firefox 79, and Thunderbird 78.1...

CVE-2020-15656

CVE-2020-15656 involves a type confusion for special arguments in IonMonkey affecting Firefox ESR <78.1, Firefox <79, and Thunderbird

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. A type-confusion bug in the JIT optiomizations involving the Javascript arguments object could confuse later optimization and result in arbitrary code execution...

CVE-2020-15656

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR 78.1, Firefox 79, and Thunderbird 78.1...

UBUNTU-CVE-2020-15656

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR 78.1, Firefox 79, and Thunderbird 78.1...

Microsoft Windows - jscript!JsArrayFunctionHeapSort Out-of-Bounds Write Exploit

function f0 function f1 f2.prototype = arguments; new f2; function f2 Array.prototype.sort.callthis, f0; f11, 2, 3; !-- ========================================================= Details: JsArrayFunctionHeapSort is called when sorting an array with a provided comparison function. One of its...

WebKit: JSC: Incorrect LoadVarargs handling in ArgumentsEliminationPhase::transform(CVE-2017-7056)

Here is a snippet of ArgumentsEliminationPhase::transform case LoadVarargs: ... if candidate-op == PhantomNewArrayWithSpread || candidate-op == PhantomSpread ... if argumentCountIncludingThis limit storeArgumentCountIncludingThisargumentCountIncludingThis; // store arguments ... node-remove;...

WebKit JSC - ArgumentsEliminationPhase::transform Incorrect LoadVarargs Handling

WebKit JSC - ArgumentsEliminationPhase::transform Incorrect LoadVarargs Handling op == PhantomNewArrayWithSpread || candidate-op == PhantomSpread ... if argumentCountIncludingThis limit storeArgumentCountIncludingThisargumentCountIncludingThis; // store arguments ... node-remove; node-origin.exit...

Google Chrome Developer Tools vulnerability exploit-vulnerability warning-the black bar safety net

0x00 introduction The story originated in the Chromium source code in the named InjectedScriptSource.js files, this file is responsible for the console in the command execution. Maybe a lot of people would say: 【Wait! Why is the JavaScript in charge of the command execution,Chromium/Chrome is not...