본문 바로가기

Vulnerability6

[0-Day] CVE-2022-46875 - Mozilla Firefox Download Protection Bypass Vulnerability Original Write up : SSD ADVISORY – MACOS MOZILLA FIREFOX DOWNLOAD PROTECTIONS WERE BYPASSED Summary A vulnerability in Mozilla Firefox has been found to not show an executable file warning when downloading .atloc and .ftploc files, which can run commands on a user’s computer. Credit Dohyun Lee, working for SSD Labs Korea. CVE CVE-2022-46875 Vendor Response The vendor has released patches availab.. 2023. 1. 15.
[0-Day] Issue 1335688 ($5,000) - Google Chrome ANGLE CompressedTexImage3D Heap Buffer Overflow Vulnerability Title Issue 1335688 - $5,000 - Google Chrome ANGLE CompressedTexImage3D Heap Buffer Overflow Summary A Heap-Based Buffer Overflow vulnerability exists in the TextureGL::setCompressedImage function. An attacker must open a arbitrary generated html file to exploit this vulnerability. Test environment macOS Monterey 12.4(21F79) Google Chrome 103.0.5060.53 Root Cause Analysis angle::Result TextureGL.. 2022. 11. 11.
[0-Day] CVE-2022-42823 - Apple Safari JavaScriptCore Inspector Type Confusion Vulnerability Title Apple Safari JavaScriptCore Inspector Type confusion Vulnerability Summary A Type confusion vulnerability exists in the Apple Safari JSC Inspector This issue causes Memory Corruption due to Type confusion. An attacker must open a arbitrary generated HTML file to exploit this vulnerability. Test environment macOS M1 Monterey 12.5(21G72) Apple Safari 15.6(17613.3.9.1.5) Root Cause Analysis I.. 2022. 11. 11.
[0-Day] CVE-2022-32816 - Apple Safari IDN URL Spoofing Vulnerability Original Write up : SSD Advisory – Apple Safari IDN URL Spoofing TL;DR Bad handling by Apple Safari allows attackers to use certain look-alike characters instead of the real ones to confuse victims into thinking they are reach a certain site, while they are accessing another one. Vulnerability Summary A vulnerability in Apple Safari IDN handling allows attackers to perform a URL Spoofing as Safa.. 2022. 8. 7.