4441 matches found
CVE-2023-28744
Foxit CVE-2023-28744 is a use-after-free in the JavaScript engine of Foxit PDF Reader/Editor. A specially crafted PDF can trigger reuse of freed memory in forms, leading to memory corruption and arbitrary code execution. Exploitation requires user action (opening a malicious PDF) or, if the brows...
CVE-2023-27379
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution...
CVE-2023-33866
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution...
CVE-2023-33866
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution...
CVE-2023-27379
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution...
CVE-2023-33866
CVE-2023-33866 corresponds to a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (affected version 12.1.2.15332). A crafted PDF can prematurely delete objects tied to pages, permitting reuse of freed memory and arbitrary code execution. Exploitation requires user action (openi...
CVE-2023-27379
CVE-2023-27379 affects Foxit PDF Reader, version 12.1.2.15332, with a use-after-free in the JavaScript engine caused by prematurely deleting objects on pages. This can allow arbitrary code execution when a user opens a crafted PDF or visits a crafted site with the browser plugin enabled. OpenVAS/...
Foxit PDF Reader < 12.1.3 Multiple Vulnerabilities
According to its version, the Foxit PDF Reader application previously named Foxit Reader installed on the remote Windows host is prior to 12.1.3. It is, therefore affected by multiple vulnerabilities: - A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in...
PT-2023-3893 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 12.1.2.15332 Description: A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader. By prematurely deleting objects associated with pages, a specially crafted PDF document can...
PT-2023-3892 · Foxit · Foxit Pdf Reader +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 12.1.1.15289 Foxit PDF Editor affected versions not specified Description: A use-after-free issue exists in the JavaScript engine, allowing an attacker to execute arbitrary code by manipulating form fields of a specif...
Foxit Reader Choice Field use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1739 Foxit Reader Choice Field use-after-free vulnerability July 19, 2023 CVE Number CVE-2023-28744 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.1.15289. A specially crafted PDF document c...
Foxit Reader Field Calculate event use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1756 Foxit Reader Field Calculate event use-after-free vulnerability July 19, 2023 CVE Number CVE-2023-27379 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting...
PT-2023-3894 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 12.1.2.15332 Description: A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader. By prematurely deleting objects associated with pages, a specially crafted PDF document can...
Foxit Reader Field OnBlur event use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1757 Foxit Reader Field OnBlur event use-after-free vulnerability July 19, 2023 CVE Number CVE-2023-33866 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting...
ChakraCore 缓冲区错误漏洞
ChakraCore is a chakra-core open source JavaScript engine with C API. ChakraCore has a security vulnerability that stems from a stack overflow vulnerability contained in the function Js::ScopeSlots::IsDebuggerScopeSlotArray...
CVE-2023-29458
Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use...
CVE-2023-29458
Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use...
CVE-2023-3600
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...
CVE-2023-37204
A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 115...
CVE-2023-37202
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...