KLA10723 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list ...

v8: multiple vulnerabilities fixed in 4.7.80.23

Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478...

USN-2825-1 oxide-qt vulnerabilities

Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the...

Google Chrome V8 Denial of Service Vulnerability (CNVD-2015-07961)

Google Chrome is the United States Google Google company developed a Web browser. Google V8 is one of the open source JavaScript engine. A security vulnerability exists in the js/array.js file of Google V8 used in Google Chrome 47.0.2526.73, which stems from the program's failure to properly...

Google Chrome PDFium Denial of Service Vulnerability (CNVD-2015-07965)

Google Chrome is the United States Google Google company developed a Web browser. PDFium is one of the open source PDF rendering engine. Google Chrome 47.0.2526.73 previous versions of PDFium used in the fpdfsdk/src/jsapi/fxjsv8.cpp file has a security vulnerability, the vulnerability stems from...

Chakra JavaScript Engine: Microsoft Open-Sources the Heart of Edge browser

Microsoft has announced the plans to open source the core components of its "Chakra" – the JavaScript engine behind the new Edge browser – to GitHub code-sharing and collaboration repository next month. The company made this announcement at the JSConf US Last Call conference in Florida this...

UBUNTU-CVE-2015-6764

The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have...

UBUNTU-CVE-2015-6771

js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have unspecified other impact via crafted JavaScript code...

UBUNTU-CVE-2015-8478

Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.73, allow attackers to cause a denial of service or possibly have other impact via unknown vectors...

Google Chrome (Andriod) Javascript Handling Arbitrary Code Execution Vulnerability

Google Chrome is a popular WEB browser. A security vulnerability in Google Chrome JavaScript v8 on Android allows remote attackers to exploit the vulnerability to build a malicious WEB page to trick users into parsing it, which can be used in the context of an application to execute arbitrary cod...

Google Chrome V8 Denial of Service Vulnerability (CNVD-2015-06766)

Google Chrome is an open source WEB browser. Google V8 has a security vulnerability that allows remote attackers to exploit the vulnerability to build malicious WEB pages, trick users into parsing them, crash applications, and more...

Google Chrome < 45.0.2454.101 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 45.0.2454.101. It is, therefore, affected by multiple vulnerabilities as referenced in the 201509stable-channel-update24 advisory. - object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does no...

chromium-browser: Cross-origin bypass in V8

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a 1 observe or 2 getNotifier call...

UBUNTU-CVE-2015-1304

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a 1 observe or 2 getNotifier call...

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A remote code execution vulnerability exists in the VBScript and JScript engines in Microsoft IE version 8. An attacker exploiting...

chromium-browser: v8 denial of service

The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service application crash via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of...

UBUNTU-CVE-2015-5605

The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service application crash via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of...

Critical DoS Bug in Node.js, io.js Patched

Developers at Node.js over the weekend released a critical update to the open source runtime environment that addresses a bug that could be used to cause denial of service attacks. The JavaScript framework is used in one way or another by a handful of companies, including Netflix, PayPal, the New...

Security Updates for Node.js and io.js

Networking applications using Node.js or io.js contain a vulnerability in the V8 JavaScript engine. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Available updates include: node.js-v0.12.6 io.js-v2.2.3 io.js-v1.8.3 Users and administrators...

UBUNTU-CVE-2015-3910

Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via unknown vectors...