63 matches found

CNVD
added 2016/09/30 12:0 a.m. | 1 views

MuJS heap buffer overflow vulnerability (CNVD-2016-08688)

MuJS is a lightweight JavaScript interpreter that is embedded in other software to provide script execution capabilities. A heap buffer overflow vulnerability exists in MuJS. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application, which...

7.5 CVSS | 8 AI score | 0.00316 EPSS
Exploits 1 | References 1
OPENSUSE Linux
added 2015/10/14 10:10 a.m. | 24 views

Security update for polkit (important)

Polkit was updated to 0.113 to fix four security issues. The following vulnerabilities were fixed: CVE-2015-4625: a local privilege escalation due to predictable authentication session cookie values. boo935119 CVE-2015-3256: various memory corruption vulnerabilities in use of the JavaScript...

4.6 CVSS | 1.6 AI score | 0.00133 EPSS
Exploits 0 | References 4
Exploit DB
added 2010/09/20 12:0 a.m. | 44 views

Mozilla Firefox 3.5 - 'escape()' Return Value Memory Corruption (Metasploit)

$Id: firefoxescaperetval.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

9.3 CVSS | 6.9 AI score | 0.83306 EPSS
Exploits 9
Tenable Nessus
added 2006/10/14 12:0 a.m. | 22 views

Debian DSA-948-1 : kdelibs - buffer overflow

Maksim Orlovich discovered that the kjs JavaScript interpreter, used in the Konqueror web browser and in other parts of KDE, performs insufficient bounds checking when parsing UTF-8 encoded Uniform Resource Identifiers, which may lead to a heap based buffer overflow and the execution of arbitrary...

7.5 CVSS | 6 AI score | 0.06387 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2006/10/14 12:0 a.m. | 39 views

Debian DSA-1046-1 : mozilla - several vulnerabilities

Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2005-2353 The 'run-mozilla.sh' script allows local users to create or overwrite arbitrary files when debugging is enabled via a...

10 CVSS | 8.8 AI score | 0.41202 EPSS
Exploits 6 | References 67
Tenable Nessus
added 2006/07/05 12:0 a.m. | 22 views

CentOS 4 : kdelibs (CESA-2006:0184)

Updated kdelibs packages are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. kdelibs contains libraries for the K Desktop Environment KDE. A heap overflow flaw was discovered affecting kjs, the...

7.5 CVSS | 5.8 AI score | 0.06387 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2006/07/05 12:0 a.m. | 27 views

CentOS 4 : firefox (CESA-2006:0200)

An updated firefox package that fixes several security bugs is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's JavaScript interpret...

7.5 CVSS | 6 AI score | 0.41202 EPSS
Exploits 0 | References 6
OSV
added 2006/04/27 12:0 a.m. | 39 views

DSA-1046-1 mozilla - several

Bulletin has no description...

10 CVSS | 6.6 AI score | 0.41202 EPSS
Exploits 5
RedHat Linux
added 2006/04/21 3:41 p.m. | 2 views

security flaw

The Javascript interpreter jsinterp.c in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service crash or execute arbitrary code via unknown attack vectors related to garbage collection...

7.5 CVSS | 6.2 AI score | 0.07106 EPSS
Exploits 0 | References 4
OSV
added 2006/02/02 8:6 p.m. | 7 views

CVE-2006-0292

The Javascript interpreter jsinterp.c in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service crash or execute arbitrary code via unknown attack vectors related to garbage collection...

7.4 AI score
Exploits 0 | References 60
UbuntuCve
added 2006/02/02 8:6 p.m. | 33 views

CVE-2006-0292

The Javascript interpreter jsinterp.c in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service crash or execute arbitrary code via unknown attack vectors related to garbage collection...

7.5 CVSS | 6.3 AI score | 0.07106 EPSS
Exploits 0 | References 4
Prion
added 2006/02/02 8:6 p.m. | 19 views

Design/Logic Flaw

The Javascript interpreter jsinterp.c in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service crash or execute arbitrary code via unknown attack vectors related to garbage collection...

7.5 CVSS | 7.5 AI score | 0.07106 EPSS
Exploits 0 | References 60 | Affected Software 2
Debian CVE
added 2006/02/02 8:0 p.m. | 27 views

CVE-2006-0292

The Javascript interpreter jsinterp.c in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service crash or execute arbitrary code via unknown attack vectors related to garbage collection...

7.5 CVSS | 7.3 AI score | 0.07106 EPSS
Exploits 0
Cent OS
added 2006/02/02 6:17 p.m. | 66 views

mozilla security update

CentOS Errata and Security Advisory CESA-2006:0199 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2006-February/074774.html https://lists.centos.org/pipermail/centos-announce/2006-February/074775.html...

5.8 AI score
Exploits 0 | References 9
RedHat Linux
added 2006/02/02 3:50 p.m. | 41 views

Critical: Red Hat Security Advisory: firefox security update

An updated firefox package that fixes several security bugs is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's Javascript interpret...

7.5 CVSS | 6.1 AI score | 0.41202 EPSS
Exploits 0 | References 4
securityvulns
added 2006/01/22 12:0 a.m. | 45 views

[KDE Security Advisory] kjs encodeuri/decodeuri heap overflow

KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability Original Release Date: 2006-01-19 URL: http://www.kde.org/info/security/advisory-20060119-1.txt 0. References CVE-2006-0019 1. Systems affected: KDE 3.2.0 up to including KDE 3.5.0 2. Overview: Maksim Orlovich discovered a...

7.5 CVSS | 0.5 AI score | 0.06387 EPSS
Exploits 0
Tenable Nessus
added 2006/01/21 12:0 a.m. | 20 views

SUSE-SA:2006:003: kdelibs3

The remote host is missing the patch for the advisory SUSE-SA:2006:003 kdelibs3. Maksim Orlovich discovered a bug in the JavaScript interpreter used by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow that causes the browser to crash or execute arbitrary code. Attackers could trick...

7.5 CVSS | 6.2 AI score | 0.06387 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2006/01/21 12:0 a.m. | 23 views

Fedora Core 4 : kdelibs-3.5.0-0.4.fc4 (2006-050)

A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious website containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. The...

7.5 CVSS | 5.7 AI score | 0.06387 EPSS
Exploits 0 | References 2
UbuntuCve
added 2006/01/20 9:3 p.m. | 24 views

CVE-2006-0019

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI...

7.5 CVSS | 6.5 AI score | 0.06387 EPSS
Exploits 0 | References 2
Debian
added 2006/01/20 2:35 p.m. | 26 views

[SECURITY] [DSA 948-1] New kdelibs packages fix buffer overflow

Debian Security Advisory DSA 948-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 20th, 2005 http://www.debian.org/security/faq -...

7.5 CVSS | 0.3 AI score | 0.06387 EPSS
Exploits 0