4514 matches found
CVE-2025-49710 Integer overflow in OrderedHashTable
An integer overflow was present in OrderedHashTable used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4...
CVE-2025-49710
An integer overflow was present in OrderedHashTable used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4...
CVE-2025-5959
A flaw was found in chromium. A type confusion vulnerability exists within the V8 JavaScript engine, allowing a remote attacker to trigger arbitrary code execution within the browser's sandbox through a specially crafted HTML page. This issue occurs due to improper type handling during object...
Mozilla Firefox 输入验证错误漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An input validation error vulnerability exists in Mozilla Firefox versions prior to 139.0.4, which stems from an integer overflow in OrderedHashTable in the JavaScript engine...
Firefox -- Multiple vulnerabilities
[email protected] reports: CVE-2025-49709: Certain canvas operations could have lead to memory corruption. CVE-2025-49710: An integer overflow was present in OrderedHashTable used by the JavaScript engine...
Security Vulnerabilities fixed in Firefox 139.0.4 — Mozilla
Certain canvas operations could have lead to memory corruption. An integer overflow was present in OrderedHashTable used by the JavaScript engine...
PT-2025-25207
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 139.0.4 Description An integer overflow occurred in the OrderedHashTable used by the JavaScript engine. Recommendations For versions prior to 139.0.4, update to version 139.0.4 or later to resolve the issue...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...
SUSE CVE-2025-5419
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an out-of-bounds read/write vulnerability that stems from an out-of-bounds read/write issue in the V8 engine, which can be exploited by an attacker to trigger the vulnerability via a malicious web page, bypassing t...
CVE-2025-5280
Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2025-5271
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and Thunderbird 139...
CVE-2025-5270
In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139...
CVE-2025-5264
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11,...
CVE-2025-5268
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...
CVE-2024-3862
The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox 125...
CVE-2023-27379
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution...
CVE-2021-33441
An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is NULL pointer dereference in execexpr in mjs.c...
CVE-2021-33445
An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is NULL pointer dereference in mjsstringcharcodeat in mjs.c...
CVE-2021-21870
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a...