ICT & Cyber Security

[Bug 1812200] CVE-2020-6806 Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion

Author:



By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. External Reference:

Acknowledgments: Name: the Mozilla project Upstream:….



Source link

You must be logged in to post a comment.

RELATED STORIES
Category Product Vulnerabilities

PwnXSS – Vulnerability XSS Scanner Exploit

September 25, 2020
python 3.7 Commands: XSS scanner git clone https://github.com/pwn0sec/PwnXSS Main features crawling all links on a...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Instagram Hacked – Critical Vulnerability Let Attackers Take Control

September 24, 2020
A critical security vulnerability with the Instagram app lets attackers take over the victim’s Instagram...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Interface Security Systems provides retail video monitoring solution | Security News

September 23, 2020
Transport security: utilising the cloud to manage passenger flow and improve health & safety Throughout...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

90后程序员为“炫技”入侵67万台计算机 半年内获利256万 – 警告! – cnBeta.COM

September 22, 2020
有的程序员写代码写到头秃,有的程序员却通过黑吃黑获利百万。近期,据钱江晚报报道,一个 90 后程序员,两年间非法控制计算机 67 万余台,并利用漏洞“黑吃黑”博彩网站,半年内从中获利 256 万余元…….而这一切的源头,仅仅是因为这位老兄想要“炫技”。 访问: 阿里云推出高校特惠专场:0元体验入门云计算 快速部署创业项目 吃瓜群众也是颇为不解:“生财之道可不仅这一种,为什么要断送自己的下半生?” 最近,这位程序员也为自己的行为付出了代价。 根据杭州市西湖法院一审判决的视频资料中得知,西湖法院以诈骗罪、非法控制计算机信息系统罪数罪并罚分别判处被告人马某有期徒刑十一年六个月,并处罚金人民币五十万元;判处被告人杨某(同伙)有期徒刑十一年六个月,并处罚金人民币四十七万元;以诈骗罪分别判处其余 2...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Zerologon: US-Behörden sollen Patch für CVE-2020-1472 installieren

September 21, 2020
Die Cybersicherheitsabteilung des US-Heimatschutzministeriums hat die zivilen Bundesbehörden angewiesen, einen Sicherheitspatch für Windows-Server zu installieren,...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

US-Heimatschutzministerium warnt vor gefährlicher Windows-Lücke

September 20, 2020
Es ist eine Lücke, von der jeder Angreifer träumt: Unter dem Namen “Zerologon” war vor...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

CVE-2020-5421 – Alert Detail – Security Database

September 19, 2020
Executive Summary This vulnerability is currently undergoing analysis and not all information is available. Please...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Ransomware : une attaque suspectée d’avoir provoqué un décès en Allemagne

September 18, 2020
Les autorités allemandes enquêtent sur la mort d’un patient à la suite d’une attaque...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Kritische Schadcode-Lücke in Trend Micro ServerProtect bedroht Linux

September 17, 2020
Damit keine Malware auf Linux-Servern landet, sollten Admins die eigentlich schützende Software ServerProtect for Linux...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

"Zerologon": Neu entdeckte Windows-Schwachstelle macht Angreifer sofort zu Admins

September 16, 2020
Forscher des Unternehmens Secura haben eine neue Schwachstelle in Microsofts Windows-Betriebssystem entdeckt und auch gleich...
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact