CVE-2023-29536

An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for...

PT-2023-7318 · Nginx · Nginx Njs

Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.10 Description: The issue is related to a segmentation violation in the njs lvlhsh find function at src/njs lvlhsh.c and a memory reading issue in the js vmcode return function at src/njs vmcode.c. This could allow a...

Nginx 安全漏洞

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx, Inc. in the United States. njs is one of the scripting language components that supports extended NGINX functionality. A security vulnerability exists in Nginx NJS. An attacker can exploit this...

CVE-2023-25752

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to type conversion errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page...

CVE-2023-28177

Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 111...

CVE-2023-25750

Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox 111...

SUSE CVE-2023-1214

Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

UBUNTU-CVE-2023-1214

Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc. A type obfuscation vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a type obfuscation issue in V8. An attacker could use this vulnerability to cause heap corruption via specially crafted HTML pages...

USN-5893-1 webkit2gtk vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

SUSE CVE-2005-0989

The findreplen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method...

SUSE CVE-2005-2705

Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code...

SUSE CVE-2006-0019

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI...

SUSE CVE-2006-0292

The Javascript interpreter jsinterp.c in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service crash or execute arbitrary code via unknown attack vectors related to garbage collection...

SUSE CVE-2006-1742

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memo...

SUSE CVE-2006-3806

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving 1 long strings in the toSource method of the Object, Array, and String objects...

SUSE CVE-2006-5748

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors that trigger memory...

SUSE CVE-2006-6498

Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service memory corruption an...

SUSE CVE-2007-0777

The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via certain vectors that trigger memory corruption...