[Bug 1812200] CVE-2020-6806 Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion

Author:



By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. External Reference:

Acknowledgments: Name: the Mozilla project Upstream:….



Source link

Write a comment:
*

Your email address will not be published.

RELATED STORIES
Category Product Vulnerabilities

OpenSUSE Linux update for spamassassin

April 4, 2020
Published: 2020-04-04 Severity Medium Patch available YES Number of vulnerabilities 3 CVE ID CVE-2018-11805CVE-2020-1930CVE-2020-1931 CWE...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

openSUSE: 2020:0446-1: important: spamassassin>

April 4, 2020
An update that solves three vulnerabilities and has one errata is now available. openSUSE Security...
Read More
Category Product Vulnerabilities

Mozilla pushes Firefox 74.0.1 fixing two zero-day exploits

April 4, 2020
Mozilla has pushed Firefox 74.0.1 along with the related security advisory. The new update, which...
Read More
Category Product Vulnerabilities

2020 © ClasesIT – SIREA. Derechos reservados Admin Panel Bypass Exploit

April 4, 2020
Admin Panel Bypass Exploit AUTHOR: Mustafa Öztaş url:site/sirea/login.php OR url:site/sirea/includes/conectar/login.php Dork:intext:2020...
Read More
Category Product Vulnerabilities

[SECURITY] [DSA 4652-1] gnutls28 security update

April 4, 2020
[SECURITY] [DSA 4652-1] gnutls28 security update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian...
Read More
Category Product Vulnerabilities

Use-after-free while running the nsDocShell destructor

April 4, 2020
Description Huzaifa S. Sidhpurwala 2020-04-04 11:44:52 UTC As per mozilla upstream advisory: Under certain conditions,...
Read More
Category Product Vulnerabilities

Bugs allowed hackers to hijack & activate Mac, iPhone cameras

April 4, 2020
Bugs allowed hackers to hijack & activate Mac, iPhone cameras Home » Security » Bugs...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Debian: DSA-4653-1: firefox-esr security update>

April 4, 2020
Two security issues have been found in the Mozilla Firefox web browser, which could result...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

openSUSE: 2020:0444-1: important: haproxy>

April 4, 2020
An update that fixes one vulnerability is now available. openSUSE Security Update: Security update for...
Read More
Category Product Vulnerabilities

2020 Vision: Cybersecurity through a business lens

April 4, 2020
Over the coming years organizations will experience growing disruption as threats from the digital world...
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact