WebKit suffers from an out-of-bounds read in WebCore::SimpleLineLayout::RunResolver::runForPoint.
7f0b76853cb76566efef7ad4bbe91c9b1977f8a050e942ee1915da7aaa16182d
WebKit suffers from an out-of-bounds read in WebCore::RenderText::localCaretRect.
d2bf26a53165b570a6f5bd7f1fb66d35b7d3557d70deadf09f219c638ad86390
There is a use-after-free security vulnerability in WebCore::AXObjectCache::performDeferredCacheUpdate in WebKit.
62c0de0a642ecdcec245a8979e15e6e5eae034411bc424e6de622292cdf7d05d
There is a use-after-free security vulnerability in WebCore::PositionIterator::decrement in WebKit.
217896fe315974d6577ecc8038ef7d0482b7caa767addabaa181135a8707de87
There is a use-after-free security vulnerability in WebCore::InputType::element in WebKit.
9a6ded12652b60c99c885a3f11eb3a8a7fd2b0c6515de6074753cec8628787a6
There is a use-after-free security vulnerability in WebCore::TreeScope::documentScope in WebKit.
3105ce149b3a63d509b7533ead0fa793978656a94530db60af67ab8b9675497f
Microsoft Internet Explorer 11 suffers from a use-after-free vulnerability in jscript!JsErrorToString.
b68b161a3b42e7a725d37eb0375faba5d57699ba45d34baf650b120307b35284
There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is possible that a part of the document is going to be rendered before the server has finished sending the document. It is also possible that some JavaScript code is going to trigger. By making DOM modifications before the document had a chance of fully loading, followed by another set of DOM modifications after the page has been loaded, it is possible to trigger memory corruption that could possibly lead to an exploitable condition.
5907d1f5e11d78ce0680fb433a3f355dee6f8223e8d01f9b8f025438c5f23e93
There is an out-of-bounds read issue in Microsoft Edge that could potentially be turned into remote code execution. The vulnerability has been confirmed on Microsoft Edge 38.14393.1066.0 (Microsoft EdgeHTML 14.14393) as well as Microsoft Edge 40.15063.0.0 (Microsoft EdgeHTML 15.15063).
50a17f878e4cb540b01d5045a6e10dff2e139109eb14511dd0fda4dc068c0013
ACG (Arbitrary Code Guard) in Microsoft Edge is bypassable. The bypass has been tested on Microsoft Edge 40.15063.0.0 running on Windows 10 Enterprise 64-bit with Creators Update (Version 1703, OS build 15063.413).
be1f44546390cca193ef1aff01a301005ed93d7d18025eb795e529774e3bd275
The Microsoft Chakra JIT server suffers from an out-of-bounds write when processing a Js::OpCode::ProfiledLoopStart opcode.
387a94a74877e5ae454670d88bca2108bf8b2e2ad1eedbea3c88071c8f4cfb35
The Microsoft Chakra JIT server suffers from an integer overflow in IRBuilder::Build.
6639f5e0c1bdd2f5bed8084c2cf405fcb0a5da8cf37e3dda8f8472c91bcd2d16
Microsoft Edge suffers from an out-of-bounds read in CInputDateTimeScrollerElement::_SelectValueInternal. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit (OS version 1607, OS build 14393.1198) and Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393.
0c7c105204e786ed354e8850c674a49c8d2983959710c13a19f428b802d31607
There is a use-after-free vulnerability in Microsoft Edge that can lead to memory disclosure. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit (OS version 1607, OS build 14393.1198), Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393.
6c092dbe2c1f903c835e705268adc2d309af972d14f860be14610356e48c272c
WebKit suffers from a WebCore::RenderSearchField::addSearchResult heap buffer overflow vulnerability.
4857989b812be535ca2a0333f4fc063225535c5a1fe5d4ed290ef1ed550fe158
WebKit suffers from a WebCore::AccessibilityNodeObject::textUnderElement use-after-free vulnerability.
2c4791349359086c7adcb2d645742cfa4c6b35eba2831689924c2a562b2a4f62
WebKit suffers from a use-after-free vulnerability in WebCore::RenderObject with accessibility enabled.
6f4055f8c47d2cd352507cfd33da6af6a1b23136f339db9715ff1454fc57d670
WebKit suffers from a WebCore::AccessibilityRenderObject::handleAriaExpandedChanged use-after-free vulnerability.
98991424a644c47d5333233cabf4be78b0b7efb8db1eb885c5daeef0bfbfa1d2
WebKit suffers from a WebCore::InputType::element use-after-free vulnerability.
26accfef3c015e940fb5ee457cb6a29a72c381aeafaf3f15e41b5c7a42c7d015
WebKit suffers from a WebCore::Node::getFlag use-after-free vulnerability.
6eef1993e0cd62e0fad5f186f71640c1ddc0dd0940b55f1ad76e91e12504c088
WebKit suffers from a WebCore::getCachedWrapper use-after-free vulnerability.
b0d62cf7ab42c752da7c6b95126b1b47b02f6705a61df1f00207db405ed0dcff
WebKit suffers from a WebCore::Node::nextSibling use-after-free vulnerability.
8fb09a6df3645a5bb6ae947a46e56826654f1c6c20cf3208f9247bd19743e887
Microsoft Internet Explorer suffers from a VBScript arithmetic function type confusion vulnerability.
f40f028ace681031a746b0e8ecc785e770f04baf897fa1f1b397ec507e8a1a00
Microsoft Internet Explorer suffers from a memory corruption vulnerability in CMarkup::DestroySplayTree. The bug was confirmed on IE version 11.0.9600.18617 (Update version 11.0.40) running on Windows 7 64-bit.
c58903dd193f7839cd836f12f61a126151db2248cb30e60241e98c8ec782dd43
Microsoft Edge suffers from a type confusion vulnerability in CssParser::RecordProperty.
1aa785f1fd6f0eb74b2354c469073d303a744ebbead37d6b9b3783902311bdfb