Cesanta MJS Denial of Service Vulnerability (CNVD-2023-29378)

Cesanta MJS is a JavaScript engine designed for microcontrollers with limited resources. Cesanta MJS version 2.20.0 contains a denial of service vulnerability that can be exploited by attackers to launch a denial of service attack...

CVE-2023-29533

A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 112, Focus for Android 112,...

CVE-2023-29537

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

Cesanta MJS 安全漏洞

Cesanta MJS is a JavaScript engine designed for microcontrollers with limited resources. Cesanta MJS version 2.20.0 contains a denial of service vulnerability that can be exploited by attackers to launch a denial of service attack...

CVE-2023-29547

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for...

CVE-2023-29536

An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for...

CVE-2023-29535

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and...

PT-2023-7318 · Nginx · Nginx Njs

Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.10 Description: The issue is related to a segmentation violation in the njs lvlhsh find function at src/njs lvlhsh.c and a memory reading issue in the js vmcode return function at src/njs vmcode.c. This could allow a...

Nginx 安全漏洞

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx, Inc. in the United States. njs is one of the scripting language components that supports extended NGINX functionality. A security vulnerability exists in Nginx NJS. An attacker can exploit this...

CVE-2023-25752

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

CVE-2023-25750

Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox 111...

CVE-2023-28177

Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 111...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to type conversion errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page...

SUSE CVE-2023-1214

Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

UBUNTU-CVE-2023-1214

Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc. A type obfuscation vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a type obfuscation issue in V8. An attacker could use this vulnerability to cause heap corruption via specially crafted HTML pages...

USN-5893-1 webkit2gtk vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

SUSE CVE-2005-0989

The findreplen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method...

SUSE CVE-2005-2705

Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code...

SUSE CVE-2006-0019

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI...