CVE-2016-0191

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0193...

CVE-2016-0186

CVE-2016-0186 affects the Microsoft Edge Chakra JavaScript Engine. The root cause is improper validation in Array.unshift/Array.shift, leading to memory corruption that can enable remote code execution or memory DoS via a crafted web page. The CVE is discussed alongside other Chakra vulnerabiliti...

CVE-2016-0191

CVE-2016-0191 concerns a memory corruption/remote code execution vulnerability in the Chakra JavaScript engine used by Microsoft Edge. The initial description states that a crafted website can trigger arbitrary code execution or a denial of service, but the connected documents do not supply concr...

Microsoft Chakra JavaScript Scripting Engine Memory Corruption Vulnerability (CNVD-2016-03020)

Microsoft Edge is a web browser developed by Microsoft and is the default browser that comes with the Windows 10 operating system.Chakra JScript engine is a JavaScript engine component used by IE and Edge web browser. A memory corruption vulnerability exists in the way the Microsoft Chakra...

Google Chrome Address Bar Forgery Vulnerability (CNVD-2016-02825)

Google Chrome is a popular web browser. Google Chrome V8 suffers from an address bar forgery vulnerability that allows remote attackers to exploit the vulnerability to build malicious WEB pages, trick users into parsing them, and spoof the address bar...

chromium-browser: information leak in v8

The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code...

DEBIAN-CVE-2016-2808

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...

CVE-2016-2808

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...

Out-of-bounds

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...

CVE-2016-2808

Vulnerability summary (CVE-2016-2808) : The watch() implementation in Firefox’s JavaScript engine can overflow the 32-bit generation counter of the underlying HashMap, causing a write to an invalid entry. This can enable remote attackers to execute arbitrary code or cause a denial of service when...

CVE-2016-2808

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...

UBUNTU-CVE-2016-1665

The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code...

UBUNTU-CVE-2016-2808

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...

CVE-2016-1646

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted...

Google Fixes Four Critical Vulnerabilities in Latest Chrome Build

Google pushed out the latest version of Chrome Thursday afternoon, fixing five issues, four of them critical. The update remedies an out-of-bounds read in Chrome’s open source JavaScript engine V8, two use-after-free vulnerabilities – one in Navigation and one in Extensions – and a buffer overflo...

UBUNTU-CVE-2016-1953

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vecto...

chromium-browser: Multiple unspecified vulnerabilities in V8 before 4.9.385.26

Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors...

UBUNTU-CVE-2016-2843

Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors...

Google Chrome Denial of Service Vulnerability (CNVD-2016-00722)

Google Chrome is a web browser. Google V8 is one of the open source JavaScript engines. A security vulnerability exists in Google Chrome that allows remote attackers to build malicious web pages that can be exploited to trick users into parsing, which can crash applications...

Google Chrome V8 Denial of Service Vulnerability (CNVD-2016-00780)

Google Chrome is the United States Google Google company developed a Web browser. Google V8 is one of the open source JavaScript engine. A security vulnerability exists in Google Chrome prior to version 48.0.2564.82 and in Google V8 prior to version 4.8.271.17, which it uses. An attacker can...