EUVD-2024-0508

Malicious code in bioql PyPI...

ROS-20240904-12

A vulnerability in the ECMAScript 5 extension of the es5-ext package is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2024-27088

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into functioncopy or functiontoStringTokens may cause the script to stall. The vulnerability is patched in v0.10.63...

Code injection

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into functioncopy or functiontoStringTokens may cause the script to stall. The vulnerability is patched in v0.10.63...

CVE-2024-27088

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into functioncopy or functiontoStringTokens may cause the script to stall. The vulnerability is patched in v0.10.63...

CVE-2024-27088

CVE-2024-27088 affects the es5-ext library, which provides ECMAScript 5 extensions. The issue arises when passing functions with very long names or complex default argument names into the library’s copy or toStringTokens routines, potentially causing the script to stall. The vulnerability is publ...

Authentication flaw

Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 aka ES5 API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs...

CVE-2015-4516

CVE-2015-4516 affects Mozilla Firefox before 41.0. A crafted page can bypass ECMAScript 5 protections and modify immutable properties, allowing remote code to run with chrome privileges via JavaScript. The issue is fixed in Firefox 41.0 (and ESR tracks) per releases and security advisories; users...

CVE-2015-4516

Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 aka ES5 API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs...

KLA11454 Multiple vulnerabilities in SeaMonkey

Multiple vulnerabilities were found in SeaMonkey. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions and spoof user interface. Below is a complete list of vulnerabilities: 1. Multiple memory corruption vulnerabilities...

JavaScript immutable property enforcement can be bypassed — Mozilla

Mozilla developer Jeff Walden reported that in Gecko's implementation of ECMAScript 5 API's enforces non-configurable properties with logic specific to each API. Scripts that do not go through these APIs can bypass these protections and make changes to the immutable properties in violation of...

Google Chrome Developer Tools vulnerability exploit-vulnerability warning-the black bar safety net

0x00 introduction The story originated in the Chromium source code in the named InjectedScriptSource.js files, this file is responsible for the console in the command execution. Maybe a lot of people would say: 【Wait! Why is the JavaScript in charge of the command execution,Chromium/Chrome is not...