16 matches found
EUVD-2000-0265
Malware in sbrugna...
SUSE CVE-2005-3946
Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class...
WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive
WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive VULNERABILITY DETAILS bool JSObject::putInlineSlow(ExecState* exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot) { ASSERT(!isThisValueAltered(slot, this)); VM& vm = exec->vm(); auto scope = DECLARE_THROW_SCOPE(vm);...
jsc: Stack-use-after-scope in JSC::MarkedBlock::vm
Detailed report: https://oss-fuzz.com/testcase?key=5635965041770496 Project: jsc Fuzzer: jsfuzzer Job Type: asanjsc Platform Id: linux Crash Type: Stack-use-after-scope READ 8 Crash Address: 0x7fffb7b6bed8 Crash State: JSC::MarkedBlock::vm JSC::JSObject JSC::jsCast JSC::asObject Sanitizer: addres...
jsc: Heap-buffer-overflow in JSC::IndexingHeader::vectorLength
Detailed report: https://oss-fuzz.com/testcase?key=5694527739265024 Project: jsc Fuzzer: jsfuzzer Job Type: asanjsc Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x62d000060004 Crash State: JSC::IndexingHeader::vectorLength JSC::Butterfly::computeIndexingMask...
WebKit: JSC: UXSS via JSObject::putInlineSlow and JSValue::putToPrimitive (CVE-2017-7037)
JSObject::putInlineSlow and JSValue::putToPrimitive use getPrototypeDirect instead of getPrototype to get an object's prototype. So JSDOMWindow::getPrototype, which checks the Same Origin Policy, is not called. The PoC shows how to call a setter of another origin's object. PoC 1 -...
WebKit JSC JSObject::putInlineSlow / JSValue::putToPrimitive XSS Vulnerability
WebKit JSC JSObject::putInlineSlow and JSValue::putToPrimitive suffer from a universal cross site scripting vulnerability. WebKit: JSC: UXSS via JSObject::putInlineSlow and JSValue::putToPrimitive CVE-2017-7037 JSObject::putInlineSlow and JSValue::putToPrimitive use getPrototypeDirect instead of...
WebKit JSC JSObject::putInlineSlow / JSValue::putToPrimitive XSS
WebKit: JSC: UXSS via JSObject::putInlineSlow and JSValue::putToPrimitive CVE-2017-7037 JSObject::putInlineSlow and JSValue::putToPrimitive use getPrototypeDirect instead of getPrototype to get an object's prototype. So JSDOMWindow::getPrototype, which checks the Same Origin Policy, is not called...
WebKit JSC - 'JSObject::putInlineSlow' / 'JSValue::putToPrimitive' Universal Cross-Site Scripting
let f = document.body.appendChild(document.createElement('iframe')); let loc = f.contentWindow.location; f.onload = () => { let a = 1.2; a.__proto__.__proto__ = f.contentWindow; a['test'] = {toString: function () { arguments.callee.caller.constructor('alert(location)')(); }}; }; f.src = 'data:text/html,' +...
WebKit Unspecified Memory Corruption Vulnerability (CVE-2017-2521)
WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed. Here's a snippet of JSObject::ensureLength. bool WARN_UNUSED_RETURN ensureLength(VM& vm, unsigned length) ... ASSERT(length ...) ... vectorLength() ... publicLength() ... setPublicLength(length); return result; |setPublicLength| is called whether...
WebKit JSC - JSObject::ensureLength ensureLengthSlow Check Failure
WebKit JSC - JSObject::ensureLength ensureLengthSlow Check Failure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1165 Here's a snippet of JSObject::ensureLength. bool WARN_UNUSED_RETURN ensureLength(VM& vm, unsigned length) ... ASSERT(length ...) ... vectorLength() ... publicLength()...
WebKit JSC JSObject::ensureLength Failure Check
WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed. CVE-2017-2521 Here's a snippet of JSObject::ensureLength. bool WARN_UNUSED_RETURN ensureLength(VM& vm, unsigned length) ... ASSERT(length ...) ... vectorLength() ... publicLength() ... setPublicLength(length); return result; |setPublicLength| is calle...
CVE-2012-1543
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous informatio...
CVE-2012-1543
CVE-2012-1543 is described in Oracle/JAVA context as an unspecified vulnerability in the JavaFX component of Oracle Java SE (JavaFX 2.2.4 and earlier) that could affect confidentiality, integrity, and availability via unknown vectors; notes indicate a possible invalid type cast in JSObject. Conne...
CVE-2012-1938
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to 1...
CVE-2012-1938
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to 1...