CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12406 – Mozilla: JavaScript Type confusion with NativeTypes
https://notcve.org/view.php?id=CVE-2020-12406
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. ... Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.9.0, Firefox versiones anteriores a 77 y Firefox ESR versiones anteriores a 68.9 The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1639590 https://usn.ubuntu.com/4421-1 https://www.mozilla.org/security/advisories/mfsa2020-20 https://www.mozilla.org/security/advisories/mfsa2020-21 https://www.mozilla.org/security/advisories/mfsa2020-22 https://access.redhat.com/security/cve/CVE-2020-12406 https://bugzilla.redhat.com/show_bug.cgi?id=1843312 • CWE-345: Insufficient Verification of Data Authenticity CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9800 – Apple Safari HasIndexedProperty Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-9800
A type confusion issue was addressed with improved memory handling. ... Se abordó un problema de confusión de tipos con un manejo de la memoria mejorado. ... By performing actions in JavaScript, an attacker can trigger a type confusion condition. • https://support.apple.com/HT211168 https://support.apple.com/HT211171 https://support.apple.com/HT211175 https://support.apple.com/HT211177 https://support.apple.com/HT211178 https://support.apple.com/HT211179 https://support.apple.com/HT211181 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 48%CPEs: 8EXPL: 0CVE-2020-9850 – Apple Safari In Operator JIT Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-9850
By performing actions in JavaScript, an attacker can trigger a type confusion condition. • https://support.apple.com/HT211168 https://support.apple.com/HT211171 https://support.apple.com/HT211175 https://support.apple.com/HT211177 https://support.apple.com/HT211178 https://support.apple.com/HT211179 https://support.apple.com/HT211181 https://access.redhat.com/security/cve/CVE-2020-9850 https://bugzilla.redhat.com/show_bug.cgi?id=1879568 https://github.com/sslab-gatech/pwn2own2020 • CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2020-6468 – chromium-browser: Type Confusion in V8
https://notcve.org/view.php?id=CVE-2020-6468
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome versiones anteriores a la versión 83.0.4103.61, permitió a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML especialmente diseñada. • https://github.com/Goyotan/CVE-2020-6468-PoC https://github.com/kiks7/CVE-2020-6468-Chrome-Exploit http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html https://crbug.com/1076708 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR https://lists.fedoraproj • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2020-6464 – chromium-browser: Type Confusion in Blink
https://notcve.org/view.php?id=CVE-2020-6464
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en Blink en Google Chrome versiones anteriores a la versión 81.0.4044.138, permitió a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML especialmente diseñada A type confusion flaw was reported in the Blink component of the Chromium browser. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00000.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html https://crbug.com/1071059 https://security.gentoo.org/glsa/202005-13 https://www.debian.org/security/2020/dsa-4714 https://access.redhat.com/security/cve/CVE-2020-6464 https://bugzilla.redhat.com/show_bug.cgi?id=1832488 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •