wnagzihxa1n

wnagzihxa1n

iOS/Android Security

© 2021

浏览器安全周报 2019.03.25 - 2019.03.29

这周终于又可以开始搞浏览器了

看了lcatro师傅的一篇文章,仔细理解了一下师傅所说的”领悟了JavaScript中的漏洞成因”,不过看情况我好像还没有真正理解

  • https://github.com/lcatro/my-blog/tree/master/2017/diff_note

微博上看到的一行代码逃逸Safari沙箱

  • https://medium.com/p/one-liner-safari-sandbox-escape-exploit-91082ddbe6ef
  • https://weibo.com/ttarticle/p/show?id=2309404354112320866984

今年Pwn2Own火狐的两个漏洞相关

CVE-2019-9810

  • https://github.com/mozilla/gecko-dev/commit/369406707f9fef96ac8405fb9cbb58da4bcc4f1d
  • https://github.com/xuechiyaobai/CVE-2019-9810-PoC/

CVE-2019-9813

  • https://github.com/mozilla/gecko-dev/commit/601d226fe3690ff57287580431fd9a937298be80
  • https://github.com/mozilla/gecko-dev/commit/752be3958fc6f6eb83eaa4a35fae1a99dc54746e

CVE-2018-17480 天府杯攻破Chrome的漏洞:ValueDeserializer::ReadDenseJSArray越界写漏洞

  • https://bugs.chromium.org/p/chromium/issues/detail?id=905940

以下来自玄武推送

CVE-2019-5798 Skia SkPath::transform的OOB漏洞

  • https://bugs.chromium.org/p/chromium/issues/detail?id=883596

CVE-2019-5755 V8 SpeculativeSafeIntegerSubtract的类型信息错误漏洞

  • https://bugs.chromium.org/p/chromium/issues/detail?id=913296

CVE-2018-17478 V8 array sort安全漏洞

  • https://bugs.chromium.org/p/chromium/issues/detail?id=897512

CVE-2019-9791 Spidermonkey IonMonkey的类型推断错误导致的类型混淆漏洞

  • https://bugs.chromium.org/p/project-zero/issues/detail?id=1791