security
→ View on GitHubAI Summary: The “security” repository serves as a compilation of security research and writing contributions by the author, highlighting vulnerabilities across various software platforms including Vim, Chrome, and Firefox. Its primary use case is to document security issues and provide insights via detailed write-ups and analysis, particularly related to Capture The Flag (CTF) challenges. Notable features include links to CVEs, write-ups of specific vulnerabilities, and a collection of past security issues relevant to major web browsers.
README
security
This repository will contain security-related stuff I’m doing. (Also, @rawsec on Twitter)
Recent:
- 2019-06-04 Vim/Neovim Arbitrary Code Execution via Modelines (CVE-2019-12735)
More to come…
CTF write-ups:
My answers on Security.SE (many trivial, but also a few interestinig ones).
Some older bugs:
2017-01-25 Google Chrome: Address spoofing in Omnibox (CVE-2017-5015)
2017-01-24 Mozilla Firefox: Location bar spoofing with unicode characters (CVE-2017-5383)
2016-06-07 Mozilla Firefox: Partial SOP violation via forged location.host (CVE-2016-2825)
2015-05-19 Google Chrome: Cross-origin bypass in Editing (CVE-2015-1254)
2015-04-03 Mozilla Firefox: Privileged URLs processed by about:reader (CVE-2015-0798)
2015-03-31 Mozilla Firefox: Addon permissions exposed to man-in-the-middle attacks (CVE-2015-0812)
2015-02-24 Mozilla Firefox: Local files or privileged URLs in pages can be opened into new tabs (CVE-2015-0821)
2015-02-24 Mozilla Firefox: Arbitrary File Read Vulnerability via Form Autocomplete (CVE-2015-0822)