Foxit PDF Reader Javascript Field Action Validate Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVE-2011-2670

Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets...

CVE-2019-17017

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

CVE-2019-17025

Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 72...

CVE-2019-17018

When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox 72...

CVE-2019-17015

During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR...

Mozilla Updates Firefox Browser: Zero-Day Bug Patched, Fingerprinting Nixed

UPDATE Mozilla patched a critical vulnerability actively being exploited in the wild with its latest update to the Firefox browser. Mozilla said in a security bulletin Wednesday that it was “aware of targeted attacks in the wild that were abusing the flaw. A successful attack “could make it...

chromium-browser: Out of bounds write in V8

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

chromium-browser: Type Confusion in V8

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

chromium-browser: Type Confusion in V8

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2013-1689

Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service crash, related to event handling with frames...

CVE-2019-11756

Improper refcounting of soft token session objects could cause a use-after-free and crash likely limited to a denial of service. This vulnerability affects Firefox 71...

CVE-2019-17005

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVE-2019-17012

Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.3,...

DEBIAN-CVE-2019-5878

Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

October 8, 2019—KB4520005 (Monthly Rollup)

October 8, 2019—KB4520005 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4516041released September 24, 2019 and addresses the following issues: Addresses an issue with applications and printer drivers that utilize the Window...

October 8, 2019—KB4520007 (Monthly Rollup)

October 8, 2019—KB4520007 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4516069released September 24, 2019 and addresses the following issues: Addresses an issue with applications and printer drivers that utilize the Window...

Foxit PhantomPDF 8.x < 8.3.12 / 9.x < 9.7 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.x 8.3.12 / 9.x 9.7. It is, therefore affected by multiple vulnerabilities: - An out-of-bounds error exists in the V8 JavaScript engine. An unauthenticated, remot...

Mozilla Firefox ESR < 17.0.10 Multiple Vulnerabilities

Binary data 701239.prm...

Google Chrome V8 Remote Code Execution Vulnerability (CNVD-2019-40080)

Google Chrome is a web browser of Google Google, U.S. V8 is one of the open source JavaScript engine. A remote code execution vulnerability exists in V8 in versions prior to Google Chromium 73.0.3683.103, which can be exploited by remote attackers to execute arbitrary code with the help of a...