Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call User-Defined JavaScript Functions

Microsoft Edge Chakra JIT - OpMaxInAnArray and OpMinInAnArray can Explicitly call User-Defined JavaScript Functions / 1. Call patterns like "Math.max.applyMath, 1, 2, 3, 4, 5" and "Math.max.applyMath, arr" can be optimized to directly call the method "JavascriptMath::MaxInAnArray" in the Inline...

Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call User-Defined JavaScript Functions

/ 1. Call patterns like "Math.max.applyMath, 1, 2, 3, 4, 5" and "Math.max.applyMath, arr" can be optimized to directly call the method "JavascriptMath::MaxInAnArray" in the Inline Phase. 2. The method takes the original method "Math.max" as the first parameter and the arguments object as the seco...

Microsoft Edge: Chakra: JIT: BailOutOnTaggedValue bailouts can be generated for constant values(CVE-2017-11839)

In the Chakra's JIT compilation process, it stores variables' type information by basic block. function optb let o; if b // BASIC BLOCK a o = ; else // BASIC BLOCK b o = 1.1; // BASIC BLOCK c return o; For example, let's think the above code gets optimized. At the basic block a, the type of "o"...

Microsoft Edge Chakra JIT - 'BailOutOnTaggedValue' Bailouts Type Confusion

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364 1. In the Chakra's JIT compilation process, it stores variables' type information by basic block. function optb let o; if b // BASIC BLOCK a o = ; else // BASIC BLOCK b o = 1.1; // BASIC BLOCK c return o; For example, let's...

The Great DOM Fuzz-off of 2017

Posted by Ivan Fratric, Project Zero Introduction Historically, DOM engines have been one of the largest sources of web browser bugs. And while in the recent years the popularity of those kinds of bugs in targeted attacks has somewhat fallen in favor of Flash which allows for cross-browser exploi...

CVE-2015-3439

Cross-site scripting XSS vulnerability in the Ephox formerly Moxiecode plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as...

CVE-2015-3439

Cross-site scripting XSS vulnerability in the Ephox formerly Moxiecode plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as...

Symphony CMS 2.6.2

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMPHONY0606.txt Vendor: ================================ www.getsymphony.com/download/ Product: ================================ Symphony CMS 2.6.2 Advisory Information:...

openSUSE Security Update : seamonkey (openSUSE-SU-2013:1644-1)

update to SeaMonkey 2.22 bnc847708 - rebased patches - requires NSS 3.15.2 or higher - MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards - MFSA 2013-94/CVE-2013-5593 bmo868327 Spoofing addressbar through SELECT element - MFSA 2013-95/CVE-2013-5604...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-93 Miscellaneous memory safety hazards rv:25.0 / rv:24.1 / rv:17.0.10 MFSA 2013-94 Spoofing addressbar though SELECT element MFSA 2013-95 Access violation with XSLT and uninitialized data MFSA 2013-96 Improperly initialized memory and overflows in some...

Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130108)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753,...

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

Critical: Red Hat Security Advisory: thunderbird security update

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Mozilla: crash while profiling page with many functions (MFSA 2011-49)

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service memory corruption and application crash or possibly have...

Design/Logic Flaw

The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and...

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform stand-alone browser application. Description The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URL's could be made to reference remote file...

security flaw

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...

security flaw

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...

security flaw

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...

CVE-2006-3807

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...