22 matches found
EUVD-2002-1307
Malware in sbrugna...
CVE-2025-32792
SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using ses and the Compartment API to evaluate third-party code in an isolated execution environment that hav...
CVE-2025-32792 ses's global contour bindings leak into Compartment lexical scope
SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using ses and the Compartment API to evaluate third-party code in an isolated execution environment that hav...
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey
The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free...
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey
The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy...
SUSE CVE-2013-1725
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by...
DEBIAN-CVE-2016-9904
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox 50.1, Firefox...
UBUNTU-CVE-2016-9904
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox 50.1, Firefox...
Design/Logic Flaw
Use-after-free vulnerability in the JSGetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and...
CVE-2013-1738
CVE-2013-1738 describes a use-after-free in Mozilla’s JS_GetGlobalForScopeChain, enabling remote code execution via mismanaged garbage collection in default compartments during frame-chain restoration. Affected products from the provided data include Mozilla Firefox (before 24.0), Thunderbird (be...
CVE-2013-1725
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by...
Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82)
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by...
Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82)
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by...
CVE-2013-1738
Use-after-free vulnerability in the JSGetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and...
Perl Safe module: Arbitrary Perl code injection
Background Safe is a Perl module to compile and execute code in restricted compartments. Description Unsafe code evaluation prevents the Safe module from properly restricting the code of implicitly called methods on implicitly blessed objects. Impact A remote attacker could entice a user to load ...
mctransd DoS
Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service temporary daemon outage via a large range of compartments in sensitivity labels...
CVE-2002-1323
CVE-2002-1323 concerns Safe.pm (versions <= 2.0.7) used with Perl
CVE-2002-1323
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in 1 Safe::reval or 2 Safe::rdo using a redefined @ variable, which is not reset between successive calls...
CVE-2002-1323
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in 1 Safe::reval or 2 Safe::rdo using a redefined @ variable, which is not reset between successive calls...
DSA-208 perl - broken safe compartment
Bulletin has no description...