Microsoft Edge has an issue where NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code.
Check Point ZoneAlarm version 8.8.1.110 suffers from a local privilege escalation vulnerability.
In Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise it might not work properly. The problem is, it does not restore the previous status of the flag after […]
Joomla ZHYandexMap component version 8.0.0.2 suffers from a database disclosure vulnerability.
Joomla YoutubeGallery component version 4.5.8 suffers from database disclosure and remote SQL injection vulnerabilities.
Oracle Reports Developer component version 12.2.1.3 suffers from a cross site scripting vulnerability.
Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.
Mozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker.
Microsoft Edge suffers from a Chakra related type confusion vulnerability in InlineArrayPush.
Spotify version 1.0.96.181 suffers from a proxy configuration denial of service vulnerability.