Type confusion

A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to...

CVE-2020-13547

A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to...

CVE-2020-13557

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

CVE-2020-13570

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicio...

CVE-2020-13560

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

CVE-2020-13557

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

CVE-2020-13570

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicio...

CVE-2020-13560

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

Design/Logic Flaw

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

Design/Logic Flaw

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

CVE-2020-13570

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicio...

CVE-2020-13560

CVE-2020-13560 affects Foxit PDF Reader (example: version 10.1.0.37527) and is a use-after-free in the JavaScript engine. A specially crafted PDF can trigger reuse of freed memory, enabling arbitrary code execution. User interaction is required (opening the malicious file). If the browser plugin ...

CVE-2020-13557

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

CVE-2020-13557

CVE-2020-13557 is a use-after-free in Foxit PDF Reader’s JavaScript engine (Foxit Reader 10.1.0.37527). A crafted PDF can trigger reuse of freed memory, enabling arbitrary code execution. User interaction is required (opening the malicious file); if the browser plugin is enabled, visiting a malic...

chromium-browser: Uninitialized Use in V8

The Mozilla Foundation Security Advisory describes this flaw as: When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read...

chromium-browser: Uninitialized Use in V8

The Mozilla Foundation Security Advisory describes this flaw as: When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read...

chromium-browser: Uninitialized Use in V8

The Mozilla Foundation Security Advisory describes this flaw as: When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read...

chromium-browser: Uninitialized Use in V8

The Mozilla Foundation Security Advisory describes this flaw as: When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read...

Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome

A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The update, released as Firefox version 84, is also billed by Mozilla as boosting the browser’s performance and adding native support for macOS hardwar...

CVE-2020-26972

The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This...