Cesanta MJS Code Issue Vulnerability
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS mJS: Restricted JavaScript engine...
Cesanta MJS Buffer Error Vulnerability
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS mJS: Restricted JavaScript engine...
Exploit for Out-of-bounds Write in Google Android
V8 JavaScript Engine ============= V8 is Google's open source J...
Code injection
There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)' failed at jerry-core/ecma/base/ecma-helpers-value.c in...
Stack Overflow Vulnerability in QuickJS
QuickJS is a small and embeddable JavaScript engine. It supports the ES2020 specification, including modules, asynchronous generators and proxies. QuickJS suffers from a stack overflow vulnerability that can be exploited to cause a program crash...
[SECURITY] Fedora 27 Update: nodejs-JSV-4.0.2-12.fc27
JSV is a JavaScript implementation of an extendable, fully compliant JSON Schema validator with the following features: The fastest extendable JSON validator available! Complete implementation of all current JSON Schema draft revisions. Supports creating individual environments (sandboxes) that...
[SECURITY] Fedora 28 Update: nodejs-JSV-4.0.2-12.fc28
JSV is a JavaScript implementation of an extendable, fully compliant JSON Schema validator with the following features: The fastest extendable JSON validator available! Complete implementation of all current JSON Schema draft revisions. Supports creating individual environments (sandboxes) that...
Researchers Warn of Microsoft Zero-Day RCE Bug
Researchers have discovered a medium-severity Windows vulnerability that enables remote attackers to execute arbitrary code – and Microsoft hasn’t issued a patch yet. The flaw, which was first discovered by Dmitri Kaslov of Telspace Systems, exists within the handling of error objects in JScript,...
How to use JavaScript array extensions integer overflow vulnerabilities in WebKit - a vulnerability warning - the black bar safety net
In this article I will tell you about the vulnerability CVE-2017-2536/ZDI-17-358, a typical integer overflow vulnerability: when the system calculates the size of the space to allocate, the vulnerability will likely lead to a heap buffer overflow. We not only give you...
Exploiting an integer overflow with array spreading (WebKit)
This article is about CVE-2017-2536 / ZDI-17-358, a classic integer overflow while computing an allocation size, leading to a heap-based buffer overflow. It was introduced in 99ed479, which improved the way JavaScriptCore handled ECMAScript 6 spreading operations, and discovered by saelo in...
ECMAScript modules in browsers
ES modules are now available in browsers! They're in… Safari 10.1. Chrome 61. Firefox 60. Edge 16. import {addTextToBody} from './utils.mjs'; addTextToBody('Modules are pretty cool.'); // utils.mjs export function addTextToBody(text) { const div = document.createElement('div'); div.textContent = text;...
Moderate: Red Hat Security Advisory: v8 security update
An update for v8 is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Moderate: Red Hat Security Advisory: v8 security update
An update for v8 is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...
[SECURITY] Fedora 23 Update: nodejs-string-dot-prototype-dot-repeat-0.2.0-2.fc23
A robust & optimized String.prototype.repeat polyfill, based on the ECMAScript 6 specification...
[SECURITY] Fedora 23 Update: v8-3.14.5.10-25.fc23
V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition...
[SECURITY] Fedora 24 Update: v8-3.14.5.10-25.fc24
V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition...
Jsprime - A JavaScript Static Security Analysis Tool
Today, more and more developers are switching to JavaScript as their first choice of language. The reason is simple: JavaScript has now started to be accepted as the mainstream programming language for applications, be it on the web or on mobile, be it on the client side or on the server side...
The vulnerability of the Firefox browser allows a hacker to bypass the protection mechanisms of ECMAScript 5 (ES5) APIs and execute arbitrary code.
The vulnerability of Firefox browsers is related to errors in security settings. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms of ECMAScript 5 (ES5) APIs and execute arbitrary code using a specially crafted page that does not utilize ES5 mechanisms...
Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2015-06384)
Mozilla Firefox is an open source web browser. A security vulnerability in the Mozilla Firefox NetworkUtils.cpp file allows remote attackers to bypass the ECMAScript 5 API protection mechanism, modify immutable attributes, and execute arbitrary JavaScript code with chrome privileges...
Authentication flaw
Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs...