JerryScript has a binary vulnerability (CNVD-2020-72431)

JerryScript is a lightweight JavaScript engine . A binary vulnerability exists in JerryScript, which can be exploited by attackers to cause a denial of service...

Foxit Reader JavaScript choice field use-after-free vulnerability

Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

JerryScript has a binary vulnerability (CNVD-2020-72404)

JerryScript is a lightweight JavaScript engine . A binary vulnerability exists in JerryScript, which can be exploited by attackers to cause a denial of service...

JerryScript has a binary vulnerability (CNVD-2020-72424)

JerryScript is a lightweight JavaScript engine . A binary vulnerability exists in JerryScript, which can be exploited by attackers to cause a denial of service...

Google Chrome Information Disclosure Vulnerability

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in versions prior to Google chrome 87.0.4280.88 that stems from the use of uninitialized V8...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser from Google, an American company. Google chrome has a security vulnerability that stems from insufficient data validation in V8. A remote attacker can exploit the vulnerability to conduct a potential attack by leveraging heap corruption via a crafted HTML page...

CVE-2020-26969

Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 83...

CVE-2020-26960

If the Compact method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

Stack Overflow Vulnerability in Google V8 Java Engine

Google V8 is a set of open source JavaScript engine . A stack overflow vulnerability exists in Google V8 Java Engine. An attacker could exploit this vulnerability to cause a denial of service...

CVE-2020-26951

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability...

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

CVE-2020-26963

Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox 83...

Stack Overflow Out-of-Bounds Write Vulnerability in Microsoft ChakraCore

Microsoft ChakraCore is an open source ChakraJavaScript scripting engine used by Microsoft in the Edge browser, or as a stand-alone JavaScript engine. A stack overflow out-of-bounds write vulnerability exists in Microsoft ChakraCore. An attacker could exploit this vulnerability to cause a softwar...

Two New Chrome 0-Days Under Active Attacks – Update Your Browser

Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. The company released 86.0.4240.198 for Windows, Mac, and Linux, which it said will be rolling out over...

CVE-2020-26950

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2...

New Chrome Zero-Day Under Active Attacks – Update Your Browser

Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update. The company released 86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming...

DEBIAN-CVE-2020-15979

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2020-16006

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Google Chrome V8 Improperly Implemented Vulnerability

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A V8 mal-implementation vulnerability exists in versions prior to Google Chrome 86.0.4240.183. A remote attacker could potentially exploit this vulnerability to cau...

CVE-2020-15684

Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 82...