19 matches found
EUVD-2021-10881
Malware in sbrugna...
EUVD-2017-14154
Malware in sbrugna...
PrestaShop Path Traversal Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A path traversal vulnerability exists in PrestaShop versions 8.1.0 up to, but not including, 8.1.4, which stems from...
SUSE CVE-2017-5045
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page...
CVE-2021-23960
Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...
Code injection
Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash...
Security update for MozillaThunderbird (important)
openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:0209-1 Rating: important References: 1181414 Cross-References: CVE-2020-15685 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 Affected Products: openSUSE Leap 15.2 An upda...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash...
Denial Of Service (DoS)
firefox is vulnerable to Denial Of Service. Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash...
SourceWolf - Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!
Tested environments: Windows, Mac, Linux, and Windows Subsystem for Linux (WSL). What can SourceWolf do? Crawl through responses to find hidden endpoints, either by sending requests, or from the local response files if any. Create a list of JavaScript variables found in the source. Extract all the...
Microsoft Edge Chakra - Cross Context Use-After-Free
f.onload = null; // Garbage collection for let i = 0; i 10; i++ new ArrayBuffer1024 1024 40; let obj = opt; // "opt" returns the freed string constant. ; // Closing the different context f.src = 'about:blank'; But in fact, if you run the code, you will see an exception...
Design/Logic Flaw
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page...
CVE-2017-5045
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page...
chromium-browser: information disclosure in xss auditor
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page...
Cross-domain JSON resources may be exposed as JavaScript variable data – Opera Security Advisories
JSON strings are sometimes exported by sites as a resource that cannot be read cross-domain, and may contain confidential data. The format of a JSON string ensures that it cannot be read as the contents of a variable, if it is included as a normal script. In some cases, Opera does not correctly...