Mozilla Firefox < 36.0.3

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 36.0.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2015-29 advisory. - Pwn2Own asm.js exploitCVE-2015-0817 CVE-2015-0817 Note that Nessus has not tested for this issue but has instead...

EUVD-2014-1564

Malware in sbrugna...

EUVD-2015-2802

Malware in sbrugna...

SUSE CVE-2014-1488

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js...

SUSE CVE-2015-0817

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to...

SUSE CVE-2015-2712

The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger...

Mozilla Firefox Security Advisory (MFSA2014-11) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Mozilla Firefox Security Advisory (MFSA2015-50) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Remote Code Execution (RCE)

Microsoft ChakraCore is vulnerable to remote code execution. This is due to a type confusion bug in the asm.js arguments which would allow a remote attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2017-0201...

CVE-2017-5400

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...

Memory corruption

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...

CVE-2017-5400

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...

CVE-2017-5400

The CVE-2017-5400 entry describes a exploit scenario arising from a JIT-spray targeting asm.js combined with a heap spray that bypasses ASLR and DEP, potentially causing memory corruption. Connected IBM advisories confirm affected product: IBM Storwize V7000 Unified (codes 1.5.1.0–1.5.2.5) with F...

Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution Exploit

Exploit for windows platform in category remote exploits 46.0.1 -- CVE-2016-1960 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetad...

Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution Exploit

Exploit for windows platform in category remote exploits CVE-2016-2819 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x5a500000 / target address of...

Firefox 46.0.1 ASM.JS JIT-Spray Remote Code Execution

CVE-2016-2819 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x5a500000 / target address of asm.js float pool payload/ var targeteip = 0x20200b58 / spr...

Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution

CVE-2016-2819 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x5a500000 / target address of asm.js float pool payload/ var targeteip = 0x20200b58 / spr...

Firefox 44.0.2 ASM.JS JIT-Spray Remote Code Execution

46.0.1 -- CVE-2016-1960 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x20200000 / target address of asm.js float pool payload/ var targeteip =...

Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution

46.0.1 -- CVE-2016-1960 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x20200000 / target address of asm.js float pool payload/...

Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution

Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution CVE-2016-2819 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x5a500000 / target address of...