CVE-2025-3031

CVE-2025-3031 : A vulnerability in Mozilla’s JIT-compiled code allows reading 32 bits spilled onto the stack. Affected products are Firefox and Thunderbird prior to version 137. Root cause, impact, and affected components are stated, but no exploitation details are provided in the documents. Reme...

The vulnerability of the `static ptrdiff_t finderrfunc` function in the `src/lj_err.c` file of the LuaJIT compiler, a programming language for Lua. This vulnerability allows an attacker to cause a service failure.

The vulnerability of the static ptrdifft finderrfunc function in the src/ljerr.c file of the LuaJIT compiler for the Lua programming language is related to reading data beyond the allowed buffer size. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

JITSploitation III: Subverting Control Flow

Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...

Code injection

The bpfintjitcompile function in arch/x86/net/bpfjitcomp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service system crash by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler...

MS07-040: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) (uncredentialed check)

The remote web server is running a version of the ASP.NET framework that contains multiple vulnerabilities : - A PE Loader vulnerability could allow an attacker to execute arbitrary code with the privilege of the logged-on user. - A ASP.NET NULL byte termination vulnerability could allow an...