This repository will contain security-related stuff I'm doing. (Also, @rawsec on Twitter)
Recent:
- 2019-06-04 Vim/Neovim Arbitrary Code Execution via Modelines (CVE-2019-12735)
More to come...
CTF write-ups:
My answers on Security.SE (many trivial, but also a few interestinig ones).
Some older bugs:
-
2017-01-25 Google Chrome: Address spoofing in Omnibox (CVE-2017-5015)
-
2017-01-24 Mozilla Firefox: Location bar spoofing with unicode characters (CVE-2017-5383)
-
2016-06-07 Mozilla Firefox: Partial SOP violation via forged location.host (CVE-2016-2825)
-
2015-05-19 Google Chrome: Cross-origin bypass in Editing (CVE-2015-1254)
-
2015-04-03 Mozilla Firefox: Privileged URLs processed by about:reader (CVE-2015-0798)
-
2015-03-31 Mozilla Firefox: Addon permissions exposed to man-in-the-middle attacks (CVE-2015-0812)
-
2015-02-24 Mozilla Firefox: Local files or privileged URLs in pages can be opened into new tabs (CVE-2015-0821)
-
2015-02-24 Mozilla Firefox: Arbitrary File Read Vulnerability via Form Autocomplete (CVE-2015-0822)