CVE-2015-0828

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via crafted JavaScript code that makes an...

CVE-2015-0828

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via crafted JavaScript code that makes an...

Design/Logic Flaw

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote...

CVE-2015-1209

Removed by vendor...

CVE-2015-1209

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote...

CVE-2014-9648

components/navigationinterception/interceptnavigationresourcethrottle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service loss of browser...

Memory corruption

The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified oth...

CVE-2014-7930

Removed by vendor...

CVE-2014-7927

Removed by vendor...

CVE-2014-7928

hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy...

CVE-2014-7927

The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified oth...

CVE-2011-1796

CVE-2011-1796 is a use-after-free in WebKit’s FrameView.cpp (WebCore) affecting Google Chrome up to version 11.0.696.65. The flaw allows a remote attacker to crash the browser (DoS) or potentially cause other impact via crafted JavaScript that calls removeChild while interacting with a FRAME elem...

CVE-2014-3195

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive...

CVE-2014-3190

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted JavaScript code that...

CVE-2014-3195

Removed by vendor...

CVE-2014-3190

Removed by vendor...

CVE-2014-3191

Removed by vendor...

CVE-2014-3191

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree,...

CVE-2014-3191

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree,...

CVE-2014-5318

The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...