239 matches found
Design/Logic Flaw
A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
CVE-2019-11691
CVE-2019-11691 is a use-after-free vulnerability in XMLHttpRequest (XHR) triggered by an event loop, causing the XHR main thread to be invoked after the object is freed. Affects Thunderbird versions < 60.7 and Firefox/Firefox ESR versions
CVE-2019-11691
A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
Regular Expression Denial Of Service (ReDoS)
useragent is vulnerable to regular expression denial of service ReDoS. The attacker can edit the useragent header to include a long useragent string containing long numbers or letters exhausting the CPU via an event loop and eventually crashing the server...
Mozilla: Use-after-free in XMLHttpRequest
A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
Denial Of Service (DoS)
firefox/thunderbird is vulnerable to denial of service. A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash...
Mozilla: Use-after-free in XMLHttpRequest
A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
Mozilla: Use-after-free in XMLHttpRequest
A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
Mozilla: Use-after-free in XMLHttpRequest
A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
CVE-2019-11691
A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
UBUNTU-CVE-2019-11691
A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
Use-After-Free
mozilla frefox is vulnerable to use-after-free vulnerability. Remote attackers can execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...
Regular Expression Denial of Service in jshamcrest
The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept js var js = require'jshamcrest' var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr = functi...
SUSE-SU-2018:3749-2 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Security issues fixed: - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 bsc1112852 - CVE-2018-12392: Crash with nested event loops. - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. - CVE-2018-12395...
GHSA-F523-2F5J-GFCG Regular Expression Denial of Service in timespan
Affected versions of timespan are vulnerable to a regular expression denial of service when parsing dates. The amplification for this vulnerability is significant, with 50,000 characters resulting in the event loop being blocked for around 10 seconds. Recommendation No direct patch is available f...
Moderate severity vulnerability that affects is-my-json-valid
Withdrawn, accidental duplicate publish. The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports'utc-millisec' regular expression, which allows remote attackers to cause a denial of service blocked event loop via a crafted string...
Regular Expression Denial of Service in marked
Affected versions of marked are vulnerable to a regular expression denial of service. The amplification in this vulnerability is significant, with 1,000 characters resulting in the event loop being blocked for around 6 seconds. Recommendation Update to version 0.3.9 or later...
Regular Expression Denial of Service in slug
Affected versions of slug are vulnerable to a regular expression denial of service when parsing untrusted user input. The issue is low severity, as it takes 50,000 characters to cause the event loop to block for 2 seconds, About 50k characters can block the event loop for 2 seconds. Recommendatio...
CVE-2017-16030
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier...
CVE-2017-16118
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...