Monorail Project: project-zero Issues
Issue list (Type, Priority and Milestone are unset for every issue shown, so those columns are omitted):

ID    Status     Owner                  Labels                Summary
46    Fixed      cevans@google.com      CCProjectZeroMembers  Flash heap buffer overflow calling copyPixelsToByteArray() on a large ByteArray
77    Duplicate  cevans@google.com      ----                  WebKit JavaScriptCore integer truncation vulnerability
106   Fixed      cevans@google.com      CCProjectZeroMembers  Flash logic error in bytecode verifier
248   Fixed      mjurczyk@google.com    CCProjectZeroMembers  Adobe Reader CoolType use of uninitialized memory in transient array
259   Fixed      mjurczyk@google.com    CCProjectZeroMembers  Microsoft Internet Explorer DirectWrite memory disclosure via uninitialized transient array
494   Fixed      hawkes@google.com      CCProjectZeroMembers  Samsung SecEmailUI script injection
622   Fixed      mjurczyk@google.com    CCProjectZeroMembers  pdfium SIGSEGV in IsFlagSet (v8 memory management)
675   Fixed      taviso@google.com      CCProjectZeroMembers  AVG: "Web TuneUP" extension multiple critical vulnerabilities
679   Fixed      taviso@google.com      CCProjectZeroMembers  Avast: A web-accessible RPC endpoint can launch "SafeZone" (also called Avastium), a Chromium fork with critical security checks removed.
693   Fixed      taviso@google.com      CCProjectZeroMembers  TrendMicro node.js HTTP server listening on localhost can execute commands
704   Fixed      taviso@google.com      CCProjectZeroMembers  Comodo: Comodo "Chromodo" Browser disables same origin policy, effectively turning off web security.
722   Fixed      mjurczyk@google.com    CCProjectZeroMembers  Windows gdi32.dll multiple issues in the EMF CREATECOLORSPACEW record handling
773   Fixed      taviso@google.com      ----                  TrendMicro: A remote debugger stub is listening in default install
775   Fixed      taviso@google.com      CCProjectZeroMembers  TrendMicro: Multiple HTTP problems with CoreServiceShell.exe
785   Fixed      mjurczyk@google.com    CCProjectZeroMembers  Windows Kernel ATMFD.DLL NamedEscape 0x250C pool corruption
884   Fixed      taviso@google.com      ----                  LastPass: design flaw in communication between privileged and unprivileged components
890   Fixed      taviso@google.com      CCProjectZeroMembers  Dashlane: universal XSS in doOnboardingSiteStep API
910   Fixed      natashenka@google.com  CCProjectZeroMembers  Microsoft Edge: Stack Overflow in Spread Operator
919   Fixed      natashenka@google.com  CCProjectZeroMembers  Microsoft Edge: Info Leak in Array.join
945   Fixed      natashenka@google.com  CCProjectZeroMembers  Microsoft Edge: Type Confusion in FillFromPrototypes
994   Fixed      ifratric@google.com    CCProjectZeroMembers  Google Chrome: Type confusion in HTMLKeygenElement::shadowSelect()
999   Fixed      ifratric@google.com    CCProjectZeroMembers  Apple WebKit: Type confusion in HTMLKeygenElement
1032  Fixed      natashenka@google.com  CCProjectZeroMembers  Safari Browser: Builtin JavaScript allows Function.caller to be used in strict mode
1040  Fixed      lokihardt@google.com   CCProjectZeroMembers  macOS: HelpViewer XSS leads to arbitrary file execution and arbitrary file read.
1043  Fixed      lokihardt@google.com   CCProjectZeroMembers  Microsoft Edge: Undefined behavior on some getters
1049  Fixed      lokihardt@google.com   CCProjectZeroMembers  Apple WebKit: UXSS via FrameLoader::clear
1056  Fixed      lokihardt@google.com   CCProjectZeroMembers  Apple WebKit: UXSS via Frame::setDocument (1).
1057  Fixed      lokihardt@google.com   CCProjectZeroMembers  Apple WebKit: UXSS via Frame::setDocument
1068  Fixed      lokihardt@google.com   CCProjectZeroMembers  Apple WebKit: UXSS with JSCallbackData
1074  Fixed      lokihardt@google.com   CCProjectZeroMembers  Apple WebKit: UXSS via disconnectSubframes
1084  Fixed      lokihardt@google.com   CCProjectZeroMembers  Apple WebKit: UXSS via PrototypeMap::createEmptyStructure
1089  WontFix    taviso@google.com      CCProjectZeroMembers  Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID
1090  Fixed      ifratric@google.com    CCProjectZeroMembers  WebKit: use-after-free in FormSubmission::create
1119  Fixed      lokihardt@google.com   CCProjectZeroMembers  WebKit: UXSS via a focus event and a link element
1120  Fixed      lokihardt@google.com   CCProjectZeroMembers  WebKit: UXSS through HTMLObjectElement::updateWidget
1121  Fixed      lokihardt@google.com   CCProjectZeroMembers  WebKit: UXSS via a synchronous page load
1132  Fixed      lokihardt@google.com   CCProjectZeroMembers  WebKit: UXSS: the patch of #1110 made another bug
1133  Fixed      lokihardt@google.com   CCProjectZeroMembers  WebKit: UXSS via Editor::Command::execute
1134  Fixed      lokihardt@google.com   CCProjectZeroMembers  WebKit: UXSS via ContainerNode::parserRemoveChild (2)
1151  Fixed      lokihardt@google.com   CCProjectZeroMembers  WebKit: UXSS: enqueuePageshowEvent and enqueuePopstateEvent don't enqueue, but dispatch
1162  Fixed      lokihardt@google.com   CCProjectZeroMembers  WebKit: Stealing variables via page navigation in FrameLoader::clear
1163  Fixed      lokihardt@google.com   CCProjectZeroMembers  WebKit: UXSS via Document::prepareForDestruction and CachedFrame
1187  Fixed      lokihardt@google.com   CCProjectZeroMembers  WebKit: Element::setAttributeNodeNS UAF
1197  Fixed      lokihardt@google.com   CCProjectZeroMembers  WebKit: UXSS via CachedFrameBase::restore
1208  Fixed      lokihardt@google.com   CCProjectZeroMembers  WebKit: JSC: JSGlobalObject::haveABadTime causes type confusions
1217  Fixed      taviso@google.com      CCProjectZeroMembers  LastPass: Firefox error pages still load Content Scripts, allowing access to ExtensionProxyService
1220  Fixed      lokihardt@google.com   CCProjectZeroMembers  WebKit: JSC: JIT optimization check failed in IntegerCheckCombiningPhase::handleBlock
1225  Fixed      taviso@google.com      CCProjectZeroMembers  LastPass: global properties can be modified across isolated worlds, allowing remote code execution
1252  Fixed      taviso@google.com      CCProjectZeroMembers  MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more.
1258  Fixed      ianbeer@google.com     CCProjectZeroMembers  Windows MsMpEng remotely exploitable UaF due to design issue in GC engine
1270  Fixed      natashenka@google.com  CCProjectZeroMembers  Microsoft Edge: Out-of-bounds access when fetching source
1271  Fixed      lokihardt@google.com   CCProjectZeroMembers  Microsoft Edge: Chakra: InterpreterStackFrame::ProcessLinkFailedAsmJsModule incorrectly re-parses
1309  Fixed      ifratric@google.com    CCProjectZeroMembers  Microsoft Edge: Memory corruption with partial page loading
1326  Fixed      lokihardt@google.com   CCProjectZeroMembers  Microsoft Edge: Chakra: Parser::ParseCatch doesn't handle "eval"