[Bug 1812200] CVE-2020-6806 Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion

Author:



By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. External Reference:

Acknowledgments: Name: the Mozilla project Upstream:….



Source link

Write a comment:
*

Your email address will not be published.

RELATED STORIES
vamtam-theme-circle-post
Category Product Vulnerabilities

Opinion | I Have Cancer. Now My Facebook Feed Is Full of ‘Alternative Care’ Ads.

July 11, 2020
Last week, I posted about my breast cancer diagnosis on Facebook. Since then, my Facebook...
Read More
Category Product Vulnerabilities

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM StoredIQ InstaScan

July 11, 2020
Jul 10, 2020 8:00 pm EDT Categorized: High Severity Share this post: There...
Read More
Category Product Vulnerabilities

Security Bulletin: Vulnerability identified in Apache ActiveMQ used in Cloud Pak System (CVE-2020-1941)

July 11, 2020
Jul 10, 2020 8:00 pm EDT Categorized: Medium Severity Share this post: Cross...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

CVE-2020-11081 – Alert Detail – Security Database

July 11, 2020
Executive Summary Informations Name CVE-2020-11081 First vendor Publication 2020-07-10 Vendor Cve Last vendor Modification 2020-07-10...
Read More
Category Product Vulnerabilities

Vulnerability CVE-2020-15505

July 10, 2020
Published: 2020-07-07 Description: A remote code execution vulnerability in MobileIron Core and Connector versions 10.6...
Read More
Category Product Vulnerabilities

CVE-2020-4042

July 10, 2020
Description. Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the...
Read More
Category Product Vulnerabilities

Medium CVE-2020-15072: Phplist Phplist

July 10, 2020
https://blog.telspace.co.za/2020/07/phplist-cve-2020-15072-cve-2020-15073.html. https://discuss.phplist.org/t/phplist-3-5-5-has-been-released/6377. https://www.phplist. Source link
Read More
Category Product Vulnerabilities

Vulnerability CVE-2020-15507

July 10, 2020
Published: 2020-07-07 Description: An arbitrary file reading vulnerability in MobileIron Core and Connector versions 10.6...
Read More
Category Product Vulnerabilities

Low CVE-2020-15096: Electronjs Electron

July 10, 2020
Description: In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation...
Read More
Category Product Vulnerabilities

Medium CVE-2020-15584: Google Android

July 10, 2020
Description: An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger...
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact