CVE-2018-3850

An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...

chromium-browser: Incorrect handling of promises in V8

An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page...

PT-2018-16244 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.0.1.1049 Description: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader. A specially crafted PDF document can trigger a previously freed object in memory to be reused,...

PT-2018-5655 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 8.3.2.25013 Description: A use-after-free issue in the JavaScript engine of Foxit PDF Reader can be exploited by opening a specially crafted PDF document, allowing arbitrary code execution. This can be triggered by an...

Foxit PDF Reader JavaScript Engine Memory Misreference Vulnerability

Foxit PDF Reader is China's Foxit Foxit Software Corporation of a PDF document reader. JavaScript engine is one of the JavaScript scripting engine. A memory misreference vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. An attacker can exploit this vulnerabilit...

The vulnerability of the ChakraCore JavaScript script handler and the Microsoft Edge browser arises from an operation that goes beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the ChakraCore JavaScript script handler and the Microsoft Edge browser is caused by an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted web page content...

Design/Logic Flaw

An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An...

CVE-2018-3842

An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An...

CVE-2018-3842

An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An...

CVE-2018-3842

An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An...

Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader

Overview Talos is disclosing five vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular free program for viewing, creating, and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely used browser plugin available. Update to the current...

PT-2018-16236 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.0.1.1049 Description: The issue is related to an uninitialized pointer in the JavaScript engine. A specially crafted PDF document can cause a dereference of this pointer, potentially leading to arbitrary code...

Google Chrome V8 Competitive Conditions Vulnerability

Google Chrome is the United States Google Google company developed a Web browser. v8 is one of the open source JavaScript engine. A competitive condition vulnerability exists in V8 in versions prior to Google Chrome 65.0.3325.146. A remote attacker could exploit this vulnerability by tricking a...

Google Chrome V8 Integer Overflow Vulnerability

Google Chrome is the United States Google Google company developed a Web browser. v8 is one of the open source JavaScript engine. An integer overflow vulnerability exists in V8 in versions prior to Google Chrome 65.0.3325.146. A remote attacker could exploit this vulnerability by tricking a user...

The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser, caused by an operation that goes beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser is caused by an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of Microsoft Edge browser and the ChakraCore JavaScript engine handler involves improper handling of objects in memory, allowing an attacker to trigger memory corruption and execute arbitrary code.

The vulnerability of Microsoft Edge browser and the JavaScript script handler ChakraCore is related to improper handling of objects in memory. Exploiting this vulnerability can allow a remote attacker to trigger memory corruption and execute arbitrary code using a specially crafted web page...

CVE-2018-5145

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR 52.7 and Thunderbird 52.7...

Google Chrome Caching Bug Type Confusion

A type confusion vulnerability exists in Google Chrome. The vulnerability is due to improper handling of objects in memory by the JavaScript engine while compiling code. A remote attacker could exploit this vulnerability by enticing a user to open a malicious web page...

CVE-2018-4910

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file...

CVE-2018-4910

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file...