Author: Michal Zalewski

Country: us

Reported research: 24

Advisories

Risk	Topic & Details
Med.	libxml2 Out of bounds memory access (CVE assigned) Remote \| 2015-10-23
High	SQLite Multiple Vulns. Local \| 2015-04-16
Med.	Mozilla Firefox Uninitialized memory use during bitmap rendering (CVE assigned) Remote \| 2015-01-15
High	Linux \'less\' can probably get you owned Local \| 2014-11-24
Med.	lesspipe cpio bug to back up the argument Local \| 2014-11-23
High	libjpeg-turbo Stack smashing Local \| 2014-11-07
High	libbfd Vulnerabilities Local \| 2014-10-27
High	strings / libbfd (Chromium 37.0.2062.120) out of bounds read Local \| 2014-10-23
Med.	Mozilla Firefox Secret Leak PoC Remote \| 2014-09-04
Med.	MSIE PNG zlib API misuse bug DoS Remote \| 2014-08-05
High	IJG jpeg6b / libjpeg-turbo Uninitialized Memory (CVE assigned) Remote \| 2013-11-13
Med.	Using CSS visited to steal your history Remote \| 2013-05-06
High	Multiple Vendors (Internet Explorer, Mozilla etc) remote code execution (CVE assigned) Remote \| 2011-01-12
Med.	Apple Webkit JavaScript clickjacking (CVE assigned) Remote \| 2010-03-30
Low	MSIE7 entrapment again (+ FF tidbit) (CVE assigned) Remote Local \| 2007-07-20
Low	Firefox wyciwyg:// cache zone bypass (CVE assigned) Remote \| 2007-07-11
High	Assorted browser vulnerabilities (CVE assigned) Remote Local \| 2007-06-08
Low	MSIE7 browser entrapment vulnerability (probably Firefox, too) (CVE assigned) Remote \| 2007-03-02
Low	Firefox bookmark cross-domain surfing vulnerability (CVE assigned) Remote \| 2007-03-02
High	Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) (CVE assigned) Remote \| 2007-02-28
Low	Firefox: about:blank is phisher\'s best friend (CVE assigned) Remote Local \| 2007-02-21
Med.	Firefox: serious cookie stealing / same-domain bypass vulnerability (CVE assigned) Remote \| 2007-02-20
High	Concurrency-related vulnerabilities in browsers - expect problems (CVE assigned) Remote \| 2006-08-23
Med.	Remote overflow in MSIE script action handlers (mshtml.dll) (CVE assigned) Remote \| 2006-03-16

Author: Michal Zalewski

Country: us

Reported research: 24

Advisories

Med.

libxml2 Out of bounds memory access (CVE assigned)

Remote | 2015-10-23

High

Local | 2015-04-16

Med.

Mozilla Firefox Uninitialized memory use during bitmap rendering (CVE assigned)

Remote | 2015-01-15

High

Local | 2014-11-24

Med.

Local | 2014-11-23

High

Local | 2014-11-07

High

Local | 2014-10-27

High

Local | 2014-10-23

Med.

Remote | 2014-09-04

Med.

Remote | 2014-08-05

High

IJG jpeg6b / libjpeg-turbo Uninitialized Memory (CVE assigned)

Remote | 2013-11-13

Med.

Remote | 2013-05-06

High

Multiple Vendors (Internet Explorer, Mozilla etc) remote code execution (CVE assigned)

Remote | 2011-01-12

Med.

Apple Webkit JavaScript clickjacking (CVE assigned)

Remote | 2010-03-30

Low

MSIE7 entrapment again (+ FF tidbit) (CVE assigned)

Remote Local | 2007-07-20

Low

Firefox wyciwyg:// cache zone bypass (CVE assigned)

Remote | 2007-07-11

High

Assorted browser vulnerabilities (CVE assigned)

Remote Local | 2007-06-08

Low

MSIE7 browser entrapment vulnerability (probably Firefox, too) (CVE assigned)

Remote | 2007-03-02

Low

Firefox bookmark cross-domain surfing vulnerability (CVE assigned)

Remote | 2007-03-02

High

Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) (CVE assigned)

Remote | 2007-02-28

Low

Firefox: about:blank is phisher\'s best friend (CVE assigned)

Remote Local | 2007-02-21

Med.

Firefox: serious cookie stealing / same-domain bypass vulnerability (CVE assigned)

Remote | 2007-02-20

High

Concurrency-related vulnerabilities in browsers - expect problems (CVE assigned)

Remote | 2006-08-23

Med.

Remote overflow in MSIE script action handlers (mshtml.dll) (CVE assigned)

Remote | 2006-03-16

Do you know.. we can display your:

- Twitter Link - Website Link - Zone-H Link - Description of profile - email (let us know if you want show public)

Let's us know! submit@cxsec.org

- Twitter Link
- Website Link
- Zone-H Link
- Description of profile
- email (let us know if you want show public)