| 0 |
| url |
VCID-1nsv-4xw6-q3bh |
| vulnerability_id |
VCID-1nsv-4xw6-q3bh |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-1973
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1nsv-4xw6-q3bh |
|
| 1 |
| url |
VCID-1v1p-3xrs-jfgt |
| vulnerability_id |
VCID-1v1p-3xrs-jfgt |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3958
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1v1p-3xrs-jfgt |
|
| 2 |
| url |
VCID-43q7-k9by-2uhh |
| vulnerability_id |
VCID-43q7-k9by-2uhh |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3962
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-43q7-k9by-2uhh |
|
| 3 |
| url |
VCID-47rg-f2g6-hyff |
| vulnerability_id |
VCID-47rg-f2g6-hyff |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-1975
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-47rg-f2g6-hyff |
|
| 4 |
| url |
VCID-5px5-rt4z-b7fs |
| vulnerability_id |
VCID-5px5-rt4z-b7fs |
| summary |
Security researcher Arthur Gerkis used the Address Sanitizer
tool to find two issues involving Scalable Vector Graphics (SVG) files. The
first issue is a buffer overflow in Gecko's SVG filter code when the sum of two
values is too large to be stored as a signed 32-bit integer, causing the
function to write past the end of an array. The second issue is a use-after-free
when an element with a "requiredFeatures" attribute is moved between documents.
In that situation, the internal representation of the "requiredFeatures" value
could be freed prematurely. Both issues are potentially exploitable. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3969
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5px5-rt4z-b7fs |
|
| 5 |
| url |
VCID-6ewf-t4h5-jyaf |
| vulnerability_id |
VCID-6ewf-t4h5-jyaf |
| summary |
Security researcher miaubiz used the Address Sanitizer tool
to discover two WebGL issues. The first issue is a use-after-free when WebGL
shaders are called after being destroyed. The second issue exposes a problem
with Mesa drivers on Linux, leading to a potentially exploitable crash. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3967
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6ewf-t4h5-jyaf |
|
| 6 |
| url |
VCID-8c5a-phhj-6kek |
| vulnerability_id |
VCID-8c5a-phhj-6kek |
| summary |
Security researcher Arthur Gerkis used the Address Sanitizer
tool to find two issues involving Scalable Vector Graphics (SVG) files. The
first issue is a buffer overflow in Gecko's SVG filter code when the sum of two
values is too large to be stored as a signed 32-bit integer, causing the
function to write past the end of an array. The second issue is a use-after-free
when an element with a "requiredFeatures" attribute is moved between documents.
In that situation, the internal representation of the "requiredFeatures" value
could be freed prematurely. Both issues are potentially exploitable. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3970
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8c5a-phhj-6kek |
|
| 7 |
| url |
VCID-a89m-g6m7-tqbr |
| vulnerability_id |
VCID-a89m-g6m7-tqbr |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-1972
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a89m-g6m7-tqbr |
|
| 8 |
| url |
VCID-bb7c-gufb-ybat |
| vulnerability_id |
VCID-bb7c-gufb-ybat |
| summary |
Mozilla developers identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these could be exploited to run
arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird
and SeaMonkey products because scripting is disabled, but are potentially a risk
in browser or browser-like contexts in those products. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-1970
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bb7c-gufb-ybat |
|
| 9 |
| url |
VCID-bmcs-22gj-nbeq |
| vulnerability_id |
VCID-bmcs-22gj-nbeq |
| summary |
Security researcher Frédéric Hoguin reported two related
issues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO)
format files. When processing a negative "height" header value for the bitmap
image, a memory corruption can be induced, allowing an attacker to write random
memory and cause a crash. This crash may be potentially exploitable. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3966
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bmcs-22gj-nbeq |
|
| 10 |
| url |
VCID-c3mx-m2ka-s7fm |
| vulnerability_id |
VCID-c3mx-m2ka-s7fm |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3959
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c3mx-m2ka-s7fm |
|
| 11 |
| url |
VCID-ckwu-zacg-d3bj |
| vulnerability_id |
VCID-ckwu-zacg-d3bj |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-1974
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ckwu-zacg-d3bj |
|
| 12 |
| url |
VCID-dnur-7qxp-g7g1 |
| vulnerability_id |
VCID-dnur-7qxp-g7g1 |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-1976
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dnur-7qxp-g7g1 |
|
| 13 |
| url |
VCID-eftp-v3k7-xkct |
| vulnerability_id |
VCID-eftp-v3k7-xkct |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3960
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eftp-v3k7-xkct |
|
| 14 |
| url |
VCID-mbgs-b2qj-ukg1 |
| vulnerability_id |
VCID-mbgs-b2qj-ukg1 |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3961
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mbgs-b2qj-ukg1 |
|
| 15 |
| url |
VCID-nesy-7bkx-87ax |
| vulnerability_id |
VCID-nesy-7bkx-87ax |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3957
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nesy-7bkx-87ax |
|
| 16 |
| url |
VCID-p6xe-qepz-7kez |
| vulnerability_id |
VCID-p6xe-qepz-7kez |
| summary |
Mozilla security researcher moz_bug_r_a4 reported that
certain security checks in the location object can be bypassed if chrome code is
called content in a specific manner. This allowed for the loading of restricted
content. This can be combined with other issues to become potentially
exploitable. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3978
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p6xe-qepz-7kez |
|
| 17 |
| url |
VCID-shxn-m14n-7far |
| vulnerability_id |
VCID-shxn-m14n-7far |
| summary |
Security research Nicolas Grégoire used the Address
Sanitizer tool to discover an out-of-bounds read in the format-number feature of
XSLT, which can cause inaccurate formatting of numbers and information leakage.
This is not directly exploitable. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3972
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-shxn-m14n-7far |
|
| 18 |
| url |
VCID-t4u8-8ysj-tbhh |
| vulnerability_id |
VCID-t4u8-8ysj-tbhh |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3964
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t4u8-8ysj-tbhh |
|
| 19 |
| url |
VCID-u829-rqhq-afdu |
| vulnerability_id |
VCID-u829-rqhq-afdu |
| summary |
Security researcher Colby Russell discovered that eval in
the web console can execute injected code with chrome privileges, leading to the
running of malicious code in a privileged context. This allows for arbitrary
code execution through a malicious web page if the web console is invoked by the
user. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3980
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u829-rqhq-afdu |
|
| 20 |
| url |
VCID-vnu6-2tzh-5kab |
| vulnerability_id |
VCID-vnu6-2tzh-5kab |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3963
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vnu6-2tzh-5kab |
|
| 21 |
| url |
VCID-wbbj-pv5p-nuaa |
| vulnerability_id |
VCID-wbbj-pv5p-nuaa |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3956
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wbbj-pv5p-nuaa |
|
| 22 |
| url |
VCID-xvw5-jd6a-9ff3 |
| vulnerability_id |
VCID-xvw5-jd6a-9ff3 |
| summary |
Security researcher miaubiz used the Address Sanitizer tool
to discover two WebGL issues. The first issue is a use-after-free when WebGL
shaders are called after being destroyed. The second issue exposes a problem
with Mesa drivers on Linux, leading to a potentially exploitable crash. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3968
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xvw5-jd6a-9ff3 |
|