Next Page >>
JavaScript engine
Apache Tomcat <= 5.5.34, <= 6.0.34, <= 7.0.22
Oracle Glassfish <= 3.1.1
Jetty, all versions
Plone, all versions
Rack, all versions
V8 JavaScript Engine, all versions
Fixed version:
Java, N/A
JRuby >= 1.6.5.1
PHP >= 5.3.9, >= 5.4.0RC4
specially crafted document. (MFSA 2009-34)
CVE-2009-2466
Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten Book
discovered several issues in the JavaScript engine that could possibly
lead to the execution of arbitrary JavaScript. (MFSA 2009-34)
CVE-2009-2467
Attila Suszter discovered an issue related to a specially crafted Flash
and Gary Kwong reported crashes in the in the layout engine, which might
allow the execution of arbitrary code.
CVE-2009-1304
Igor Bukanov and Bob Clary discovered crashes in the Javascript engine,
which might allow the execution of arbitrary code.
CVE-2009-1305
Igor Bukanov and Bob Clary discovered crashes in the Javascript engine,
============
The Apple Safari browser is a webbrowser based on the WebKit Engine.
More Details
============
A remotely exploitable vulnerability has been found in the JavaScript Engine of the Apple Safari Browser(based on Webkit Engine).
In detail, the following flaw was determined:
The Apple Safari browser is prone to a denial of service vulnerability when parsing certain HTML content.
This is possible due to a failure in handling exceptional conditions. This issue is caused by a memory corruption error when handling javascript elements, which could be exploited by remote attackers to crash the browser by tricking a user into visiting a specially crafted web page.
This issue can NOT be lead to remote code execution, so that the potential security risk is rated low.
============
The Motorola Milestone(droid) is a smartphone produced by Motorola based on the android operation system.
More Details
============
A remotely exploitable vulnerability has been found in the JavaScript Engine of the MobileSafari Browser(based on Webkit Engine) used on the Motorola Milestone(droid) smartphone.
In detail, the following flaw was determined:
The Motorola Milestone(Droid) is prone to a denial of service vulnerability when parsing certain HTML content.
This is possible due to a failure in handling exceptional conditions.
This issue is caused by a memory corruption error when handling javascript elements,
which could be exploited by remote attackers to crash the browser by tricking a user into visiting a specially crafted web page.
which might allow the execution of arbitrary code.
CVE-2007-3735
Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the
javascript engine, which might allow the execution of arbitrary code.
CVE-2007-3844
"moz_bug_r_a4" discovered that a regression in the handling of
"about:blank" windows used by addons may lead to an attacker being
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird
before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to
cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors (CVE-2010-1200).
Multiple unspecified vulnerabilities in the JavaScript engine in
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird
before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to
cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors (CVE-2010-1202).
might allow the execution of arbitrary code.
CVE-2009-0773
Gary Kwong, and Timothee Groleau discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
CVE-2009-0774
Gary Kwong discovered crashes in the Javascript engine, which
might allow the execution of arbitrary code.
Crashes in the layout engine may lead to the execution of arbitrary
code.
CVE-2011-0054
Christian Holler discovered buffer overflows in the Javascript engine,
which could allow the execution of arbitrary code.
CVE-2010-0056
Christian Holler discovered buffer overflows in the Javascript engine,
in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14,
and SeaMonkey before 2.0.12, allows remote attackers to execute
arbitrary code via vectors related to a JavaScript Worker and garbage
collection. (CVE-2011-0057)
Buffer overflow in the JavaScript engine in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might
allow remote attackers to execute arbitrary code via vectors involving
exception timing and a large number of string values, aka an atom
map issue. (CVE-2011-0056)
arbitrary code. (MFSA 2008-21)
CVE-2008-2799
Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in
the Javascript engine, which might allow the execution of arbitrary
code. (MFSA 2008-21)
CVE-2008-2800
"moz_bug_r_a4" discovered several cross-site scripting vulnerabilities.
CVE-2008-0413
Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",
Philip Taylor and "tgirmann" discovered crashes in the Javascript
engine, which might allow the execution of arbitrary code.
CVE-2008-0414
"hong" and Gregory Fleisher discovered that file input focus
vulnerabilities in the file upload control could allow information
various flaws in the browser engine. An attacker could exploit this to
crash the browser or possibly run arbitrary code as the user invoking the
program. (CVE-2010-3175, CVE-2010-3176)
Alexander Miller, Sergey Glazunov, and others discovered several flaws in
the JavaScript engine. An attacker could exploit this to crash the browser
or possibly run arbitrary code as the user invoking the program.
(CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)
Robert Swiecki discovered that Firefox did not properly validate Gopher
URLs. If a user were tricked into opening a crafted file via Gopher, an
allow the execution of arbitrary code.
CVE-2008-1237
"georgi", "tgirmann" and Igor Bukanov discovered crashes in the
Javascript engine, which might allow the execution of arbitrary
code.
CVE-2008-1238
Gregory Fleischer discovered that HTTP Referrer headers were
Background
==========
Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.
Affected packages
=================
-------------------------------------------------------------------
arbitrary code.
CVE-2011-2998
Mark Kaplan discovered an integer underflow in the javascript
engine, which could lead to the execution of arbitrary code.
CVE-2011-2999
Boris Zbarsky discovered that incorrect handling of the
window.location object could lead to bypasses of the same-origin
CVE-2008-0413
Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",
Philip Taylor and "tgirmann" discovered crashes in the Javascript
engine, which might allow the execution of arbitrary code.
CVE-2008-0414
"hong" and Gregory Fleisher discovered that file input focus
vulnerabilities in the file upload control could allow information
David Chan discovered that cookies were insufficiently isolated.
CVE-2011-2371
Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the
Javascript engine, which could lead to the execution of arbitrary
code.
CVE-2011-2373
Martin Barbella discovered a use-after-free in XUL processing,
Paul Nickerson reported browser crashes related to JavaScript
methods, possibly triggering memory corruption (CVE-2008-0412).
* Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,
Philip Taylor, and tgirmann reported crashes in the JavaScript
engine, possibly triggering memory corruption (CVE-2008-0413).
* David Bloom discovered a vulnerability in the way images are
treated by the browser when a user leaves a page, possibly triggering
memory corruption (CVE-2008-0419).
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
The Mozilla products in the oldstable distribution (sarge) are no longer
supported with with security updates.
An integer overflow was discovered in how Firefox processed plugin
parameters. An attacker could exploit this to crash the browser or possibly
run arbitrary code as the user invoking the program. (CVE-2010-1214)
A flaw was discovered in the Firefox JavaScript engine. If a user were
tricked into viewing a malicious site, a remote attacker code execute
arbitrary JavaScript with chrome privileges. (CVE-2010-1215)
An integer overflow was discovered in how Firefox processed CSS values. An
attacker could exploit this to crash the browser or possibly run arbitrary
various flaws in the browser engine. An attacker could exploit this to
crash Thunderbird or possibly run arbitrary code as the user invoking the
program. (CVE-2010-3175, CVE-2010-3176)
Alexander Miller, Sergey Glazunov, and others discovered several flaws in
the JavaScript engine. If JavaScript were enabled, an attacker could
exploit this to crash Thunderbird or possibly run arbitrary code as the
user invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)
Eduardo Vela Nava discovered that Thunderbird could be made to violate the
same-origin policy by using modal calls with JavaScript. If JavaScript were
Security vulnerabilities have been discovered and corrected in Mozilla
Firefox 3.x:
CVE-2009-1392: Firefox browser engine crashes
CVE-2009-1832: Firefox double frame construction flaw
CVE-2009-1833: Firefox JavaScript engine crashes
CVE-2009-1834: Firefox URL spoofing with invalid unicode characters
CVE-2009-1835: Firefox Arbitrary domain cookie access by local file:
resources
CVE-2009-1836: Firefox SSL tampering via non-200 responses to proxy
CONNECT requests
Background
==========
Chromium is an open source web browser project. V8 is Google's open
source JavaScript engine.
Affected packages
=================
-------------------------------------------------------------------
allow the execution of arbitrary code.
CVE-2008-4062
Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour
discovered crashes in the Javascript engine, which might allow the
execution of arbitrary code.
CVE-2008-4065
Dave Reed discovered that some Unicode byte order marks are
frame construction." (MFSA 2009-24)
CVE-2009-1833
Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript
engine, which could lead to the execution of arbitrary code.
(MFSA 2009-24)
CVE-2009-1834
Pavel Cvrcek discovered a potential issue leading to a spoofing attack
allow the execution of arbitrary code.
CVE-2008-1237
"georgi", "tgirmann" and Igor Bukanov discovered crashes in the
Javascript engine, which might allow the execution of arbitrary
code.
CVE-2008-1238
Gregory Fleischer discovered that HTTP Referrer headers were
allow the execution of arbitrary code.
CVE-2008-1237
"georgi", "tgirmann" and Igor Bukanov discovered crashes in the
Javascript engine, which might allow the execution of arbitrary
code.
CVE-2008-1238
Gregory Fleischer discovered that HTTP Referrer headers were
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
The Mozilla products in the oldstable distribution (sarge) are no longer
supported with with security updates.
For the stable distribution (etch) these problems have been fixed in version
a user into opening a malicious web page, an attacker could cause
a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the
program. (CVE-2008-2798, CVE-2008-2799)
Several problems were discovered in the JavaScript engine. If a
user were tricked into opening a malicious web page, an attacker
could perform cross-site scripting attacks. (CVE-2008-2800)
Collin Jackson discovered various flaws in the JavaScript engine
which allowed JavaScript to be injected into signed JAR files. If
Next Page>>
|
