1341 matches found
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
/ A bug in IonMonkeys type inference system when JIT compiling and entering a constructor function via on-stack replacement OSR allows the compilation of JITed functions that cause type confusions between arbitrary objects. Prerequisites: 1. Spidermonkey can represent "plain" objects either as...
firefox security update
CentOS Errata and Security Advisory CESA-2019:0622 An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
firefox security update
CentOS Errata and Security Advisory CESA-2019:0623 An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Updated firefox packages fix security vulnerability
Proxy Auto-Configuration file can define localhost access to be proxied CVE-2018-18506. Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 CVE-2019-9788. Use-after-free when removing in-use DOM elements CVE-2019-9790. Type inference is incorrect for constructors entered through on-stack...
Oracle Linux 7 : firefox (ELSA-2019-0622)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-0622 advisory. 60.6.0-3.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 60.6.0-3 - Added Google API keys mozbz1531176 60.6.0-2 -...
Scientific Linux Security Update : firefox on SL7.x x86_64 (20190320)
This update upgrades Firefox to version 60.6.0 ESR. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 CVE-2019-9788 - Mozilla: Use-after-free when removing in-use DOM elements CVE-2019-9790 - Mozilla: Type inference is incorrect for constructors entered throu...
Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...
Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...
FreeBSD : mozilla -- multiple vulnerabilities (05da6b56-3e66-4306-9ea3-89fafe939726)
Mozilla Foundation reports : CVE-2019-9790: Use-after-free when removing in-use DOM elements CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey CVE-2019-9792: IonMonkey leaks JSOPTIMIZEDOUT magic value to script CVE-2019-9793: Improper...
CVE-2019-9791
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...
Mozilla Firefox ESR < 60.6
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-08 advisory. - A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with th...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-9790: Use-after-free when removing in-use DOM elements CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey CVE-2019-9792: IonMonkey leaks JSOPTIMIZEDOUT magic value to script CVE-2019-9793: Improper...
Mozilla Firefox < 66.0
The version of Firefox installed on the remote Windows host is prior to 66.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-07 advisory. - A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions,...
identYwaf - Blind WAF Identification Tool
identYwaf is an identification tool that can recognize web protection type i.e. WAF based on blind inference. Blind inference is being done by inspecting responses provoked by a set of predefined offensive non-destructive payloads, where those are used only to trigger the web protection system in...
Ruby: Command injection in Pathname
The command may be executed when the value passed to Pathname is the first character of "|". This is the same problem as https://bugs.ruby-lang.org/issues/14245, but here it is executed without warning. ruby $ ruby -v ruby 2.5.3p105 2018-10-18 revision 65156 x8664-darwin16 $ irb irbmain:001:0 ls ...
CVE-2017-15419
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...
CVE-2017-15419
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...
SUSE-SU-2018:2113-1 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1)
This update for the Linux Kernel 3.12.74-606460 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data fro...
SUSE-SU-2018:2105-1 Security update for the Linux Kernel (Live Patch 24 for SLE 12)
This update for the Linux Kernel 3.12.61-5283 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from...
SUSE-SU-2018:2096-1 Security update for the Linux Kernel (Live Patch 32 for SLE 12)
This update for the Linux Kernel 3.12.61-52122 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from...