Microsoft Edge Chakra suffers from a null pointer dereference vulnerability.
ea551ed38595cabf2922d70955d0c971af950a1d0c9e3958f4f1d1902aea36ad
Microsoft Edge suffers from a Flash click2play bypass with CObjectElement::FinalCreateObject.
fdda336815ac63fe08759882eed8c25471acba4310abb045c2527612f4538060
Microsoft Edge Chakra version 1.11.4 read permission via type confusion proof of concept exploit.
02a1f7246d6620617cee5dc2e6410aa80ea33cb275e22c442aacfbefb52a15df
Microsoft Edge has an issue where the default flash click2play whitelist is insecure.
b67a708bf7118de58f25eedb37a2a8891d000105b033f1e3397bcf8d54354a2a
Microsoft Edge suffers from a Chakra related type confusion vulnerability in InlineArrayPush.
789b214a31a71d7137e78ec7849729dcb9e3b8a75a7308f4a4b8b569c079222e
Microsoft Edge suffers from a type confusion vulnerability in InitClass.
367c15a86b6530dbd43aa9b2697e9a86c38d5e598f2ee86f71e076458456cbc2
Microsoft Edge has an issue where the NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but they actually can, via the SetIsPrototype method of the type handler, which can cause a transition to a new type. This can lead to type confusion in the JITed code.
834d31cccca1204e88d3a244cd1080b2a05229d26e439537775eea80ec254732
Microsoft Edge version 44.17763.1.0 suffers from a null pointer dereference vulnerability.
a11a849c5f67763fb7d352108d15d3790372eb4acfe09de283b30b2bacb51245
Microsoft Edge version 42.17134.1.0 Tree::ANode::DocumentLayout denial of service proof of concept exploit.
9acf1553b18b56a1c543ae6156a84a5ed7e2d14342a8efb0fc0ebc7ee7a97b07
Microsoft Edge suffers from a Chakra OP_Memset type confusion vulnerability.
611fa33be1a70a1567073da40901233c4521faaaa46eb3028856e6977091b785
Microsoft Edge suffers from a Chakra JIT type confusion bug.
f1c02ccc951ceda6d6a1421129878de1d9f26aadbd450419b54c25dda564411f
Microsoft Edge suffers from a Chakra JIT BailOutOnInvalidatedArrayHeadSegment check bypass vulnerability.
ec00b94941d6f0c365dbfe398115342baba4da955810b213e9dedced9dae355c
Microsoft Edge suffers from a sandbox escape vulnerability.
53dae687e4a4409c81987ce450a88ac52d2a2a51eac4971e2a0712be2ba423d2
Microsoft Edge Chakra suffers from a type confusion vulnerability with PathTypeHandlerBase::SetAttributesHelper.
4e5a6b1c1ad36809123bcb9eced0fa48ac450dae86ec04c8b0efbd7b86c77fd8
Microsoft Edge Chakra JIT suffers from a type confusion vulnerability in localeCompare.
78f38be2f2306af460f7ceb3b4272fa71d5e515678096e5f3e5ef2769afdf332
Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with InlineArrayPush.
4d7c1c0bd391258ccf4d2a6df0bbe9fce45d445b76d8eb5317891fd7fc1cfef5
Microsoft Edge Chakra has an issue where DictionaryPropertyDescriptor::CopyFrom does not copy all fields.
02a9af64a615a45ba93686901284c1ca585f8e53c27860a4cfcb2c7a25376b37
Microsoft Edge Chakra suffers from a parameter scope parsing bug.
a916e8ee259ed452ab0ef0b7d6f4f736a5c6609e52233de54ab3341897861228
Microsoft Edge Chakra JIT suffers from an ImplicitCallFlags check bypass vulnerability with Intl.
fa2ba833d2e86afeca1956fc5c100501e728bc7ca7779f47078461ffbd346bab
Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with hoisted SetConcatStrMultiItemBE instructions.
f4b986bf36dfb05720fc2029354aa57451279bbc79487e82145d40d7bd8a2aef
Microsoft Edge Chakra JIT suffers from a bug. BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array, copies the prepended arguments and the others into it, and then calls the actual function. The problem is that it does not account for the CallFlags_NewTarget flag, which indicates that there is an extra argument (new.target) at the end of the argument array. So the size of the new argument array created with the CallFlags_NewTarget flag will always be 1 less than required, which leads to an out-of-bounds read.
aa1bde86d10b95d8ca0ccfc5d06fd9edd0e20688c8eadfbfc61a463d88cdead5
Microsoft Edge Chakra JIT suffers from multiple out of bounds reads and writes.
14c73972e0db8500904cd6efa9a56ea40e8f8fbd7ed64d7345ffa202523fbfe4
Microsoft Edge Chakra suffers from an issue where EntrySimpleObjectSlotGetter can have side effects that cause a type confusion vulnerability.
dac02c231e7c37da88c204ab8918570d1df7d88c3ea07b2805f9d5afd9081f44
Microsoft Edge Chakra suffers from a cross context use-after-free vulnerability.
3b419c01f8a186a0bd97c1be1da5f223ed4332c77c38f000eedcab19808e3482
Microsoft Edge Chakra JIT suffers from an issue where a magic value can cause a type confusion vulnerability.
b607bd66ac346df35ba88f1fbce5078e0b85fdb7c50c28f6628624a5252e48aa
Microsoft Edge suffers from an ACG bypass vulnerability with OpenProcess().
e13730c75ca6f8bb32812eaeb11c4e26810eb2412806aa44f43438d5b226c9b0