CVE-2019-13123

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine issue 1 of 2...

Vulnerability Spotlight: Foxit PDF Reader JavaScript Array.includes remote code execution vulnerability

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Foxit PDF Reader contains a remote code execution vulnerability in its JavaScript engine. Foxit aims to be one of the most feature-rich PDF readers on the market, and contains many similar functions to that of Adobe Acrobat Reader...

CVE-2019-11751

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. Note: this issue...

CVE-2019-11734

Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 69...

CVE-2019-11752

It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...

CVE-2019-11746

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...

Google Chrome V8 Buffer Overflow Vulnerability (CNVD-2019-41021)

Google Chrome is a web browser of Google Google, U.S. V8 is one of the open source JavaScript engine. A buffer overflow vulnerability exists in V8 in versions of Google Chrome prior to 76.0.3809.100. The vulnerability stems from a web system or product performing operations in memory without...

CVE-2019-11700

A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox 67...

CVE-2019-11710

Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 68...

CVE-2019-11709

Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects...

CVE-2019-11715

Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

CVE-2019-11725

When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This...

CVE-2019-11716

Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNameswindow. Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes t...

CVE-2019-11714

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox 68...

CVE-2019-11713

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

Google V8 Array.prototype Memory Corruption Vulnerability

Summary A specific JavaScript code can trigger a memory corruption in V8 7.3.492.17 which could potentially be abused for remote code execution. In order to trigger this vulnerability in the context of a browser, such as Google Chrome, the victim would need to visit a malicious web page. Tested...

Google Chrome V8 Information Disclosure Vulnerability (CNVD-2019-23093)

Google Chrome is a web browser of Google Google, U.S. V8 is one of the open source JavaScript engine. A security vulnerability exists in V8 in versions of Google Chrome prior to 56.0.2924.76, which stems from the program not adequately validating data. The vulnerability can be exploited by an...

DEBIAN-CVE-2019-5813

Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2019-5807

Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2018-17478

Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...