Lucene search
K

4 matches found

GoogleProjectZero
GoogleProjectZero
added 2020/09/01 12:0 a.m.63 views

JITSploitation I: A JIT Bug

By Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed in iOS...

8.8CVSS9.5AI score0.08207EPSS
Exploits4
0day.today
0day.today
added 2020/06/03 12:0 a.m.149 views

JSC JIT Out-Of-Bounds Access Vulnerability

The DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations and vice versa during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds accesses and potentially other memory safety violations. JSC: JIT: Incorrect Common Subexpressi...

8.8CVSS1.2AI score0.08207EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/06/03 12:0 a.m.1104 views

JSC JIT Out-Of-Bounds Access

JSC: JIT: Incorrect Common Subexpression Elimination for ArithNegate, leading to OOB accesses The DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations and vice versa during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds...

0.2AI score0.08207EPSS
Exploits2
Packet Storm
Packet Storm
added 2017/11/16 12:0 a.m.54 views

Microsoft Edge Chakra JIT Type Confusion

Microsoft Edge: Chakra: JIT: Type confusion with switch statements CVE-2017-11811 Let's start with a switch statement and its IR code for JIT. JS: for let i = 0; i 100; i++ switch i case 2: case 4: case 6: case 8: case 10: case 12: case 14: case 16: case 18: case 20: case 22: case 24: case 26: ca...

7.6CVSS7.8AI score0.6546EPSS
Exploits4
Rows per page
Query Builder