jit

  1. 1

    Exploits Webkit JSC JIT ArgumentsEliminationPhase::transform Uninitialized Variable Access

    Webkit JSC JIT suffers from an uninitialized variable access vulnerability in ArgumentsEliminationPhase::transform. View the full article
  2. dEEpEst

    Microsoft Edge Chakra JIT NewScObjectNoCtor / InitProto Type Confusion [CVE-2019-0567]
  3. dEEpEst

    Microsoft Edge Chakra JIT Use-After-Free / Flag Issue [CVE-2019-0568]
  4. dEEpEst

    WebKit JSC JIT Use-After-Free [CVE-2018-4442]
  5. 1

    Exploits Microsoft Edge Chakra JIT Use-After-Free / Flag Issue

    In Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the...
  6. 1

    Exploits Microsoft Edge Chakra JIT NewScObjectNoCtor / InitProto Type Confusion

    Microsoft Edge has an issue where NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code. View the full...
  7. 1

    Exploits WebKit JSC JIT Use-After-Free

    The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it is missing some cases such as StringCharAt, StringCharCodeAt and GetByVal that might cause a garbage collection via rope strings...
  8. 1

    Exploits WebKit JIT Proxy Object Issue

    WebKit JIT int32/double arrays can have proxy objects in the prototype chains. View the full article
  9. 1

    Exploits WebKit JIT ByteCodeParser::handleIntrinsicCall Type Confusion

    WebKit JIT has type confusion bugs in ByteCodeParser::handleIntrinsicCall. View the full article
  10. 1

    Exploits WebKit JSC JIT JSPropertyNameEnumerator Type Confusion

    When a for-in loop is executed, a JSPropertyNameEnumerator object is created at the beginning and used to store the information of the input object to the for-in loop. Inside the loop, the structure ID of the "this" object of every get_by_id expression taking the loop variable as the index is...
  11. 1

    Exploits Microsoft Edge Chakra JIT Type Confusion Bug

    Microsoft Edge suffers from a Chakra JIT type confusion bug. View the full article
  12. 1

    Exploits Microsoft Edge Chakra JIT BailOutOnInvalidatedArrayHeadSegment Check Bypass

    Microsoft Edge suffers from a Chakra JIT BailOutOnInvalidatedArrayHeadSegment check bypass vulnerability. View the full article
  13. 1

    Exploits Microsoft Edge Chakra JIT localeCompare Type Confusion

    Microsoft Edge Chakra JIT suffers from a type confusion vulnerability in localeCompare. View the full article
  14. 1

    Exploits Microsoft Edge Chakra JIT InlineArrayPush Type Confusion

    Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with InlineArrayPush. View the full article
  15. 1

    Exploits Microsoft Edge Chakra JIT ImplicitCallFlags Check Bypass

    Microsoft Edge Chakra JIT suffers from an ImplicitCallFlags check bypass vulnerability with Intl. View the full article