PNG Containing Malicious JavaScript Code

A code execution vulnerability exists in multiple web-browsers when handling PNG files containing malicious JavaScript code. Opening those files would allow the malicious code to run and infect the target system...

Microsoft Internet Explorer 8 MSHTML Ptls5::LsFindSpanVisualBoundaries Memory Corruption

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the fifteenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these throug...

Microsoft Internet Explorer 9 MSHTML CAttrArray Use-After-Free

Exploit for windows platform in category dos / poc Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the first entry in that series. The below information is also available on my blog at...

Mozilla: SVG issues found with Address Sanitizer (MFSA 2012-14)

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might...