CVE-2025-4919: Corruption via Math Space in Mozilla Firefox

July 15, 2025 | Hossein Lotfi CONTINUE READING

Syncing out of the Firefox sandbox

Blog post

Syncing out of the Firefox sandbox

December 16, 2019
Top 5, Firefox, Sandbox Escape

ZDI-18-1372 – The Elegant Bypass

Blog post

ZDI-18-1372 – The Elegant Bypass

December 21, 2018
Top 5, Adobe, Research

Really Check Errors: Pointing to the Object of your Desire

Blog post

Really Check Errors: Pointing to the Object of your Desire

December 20, 2018
Top 5, Apple, Research

An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange

Blog post

An Insincere Form of Flattery: Impersonating Users on Microsoft Exchange

December 19, 2018
Top 5, Exchange, Research

Top 5 Day Two: Electron Boogaloo - A case for technodiversity

Blog post

Top 5 Day Two: Electron Boogaloo - A case for technodiversity

December 18, 2018
Top 5, Electron, Research

Seeing Double: Exploiting a Blind Spot in MemGC

Blog post

Seeing Double: Exploiting a Blind Spot in MemGC

December 17, 2018
Microsoft, Top 5, Research

A Matching Pair of Use-After-Free Bugs in Chakra asm.js

Blog post

A Matching Pair of Use-After-Free Bugs in Chakra asm.js

December 22, 2017
JavaScript, Chakra, Research, Top 5

VMware’s Launch escape SYSTEM

Blog post

VMware’s Launch escape SYSTEM

December 21, 2017
VMware, Research, Top 5

Invariantly Exploitable Input: An Apple Safari Bug Worth Revisiting

Blog post

Invariantly Exploitable Input: An Apple Safari Bug Worth Revisiting

December 20, 2017
Apple, Safari, Research, Top 5

Apache Groovy Deserialization: A Cunning Exploit Chain to Bypass a Patch

Blog post

Apache Groovy Deserialization: A Cunning Exploit Chain to Bypass a Patch

December 19, 2017
Apache, Research, Top 5