Astro - Unauthorized Third-Party Image Access

Astro 5.13.2 and 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment. id:...

EUVD-2022-49661

Malicious code in bioql PyPI...

Mozilla: GetBoundName in the JIT returned the wrong object

The Mozilla Foundation Security Advisory describes this flaw as: GetBoundName could return the wrong version of an object when JIT optimizations were applied...

Mozilla: Out-of-bounds-read after mis-optimized switch statement

The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...

USN-6660-1: OpenJDK 11 vulnerabilities

Yi Yang discovered that the Hotspot component of OpenJDK 11 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. CVE-2024-20918 It was discovered that the Hotspot...

CVE-2023-29548

A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and Thunderbird 102.10...

Mozilla: Incorrect optimization result on ARM64

The Mozilla Foundation Security Advisory describes this flaw as: A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result...

CVE-2022-46881

An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106...

Mozilla: Memory corruption in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash...

Mozilla: Memory corruption in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash...

Mozilla: Memory corruption in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash...

Design/Logic Flaw

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...