Search Results - JavaScript engine vulnerability*

A Review on JavaScript Engine Vulnerability Mining by Kang, Zeyan

“… However, due to the characteristics of JavaScript language and inconsistent browser implementation, the vulnerability of JavaScript execution engine has become a major hidden danger of browser security…”
Get full text

Vulnerable JavaScript functions detection using stacking of convolutional neural networks by Sheneamer, Abdullah

“… These models use vulnerable information and code features to detect related vulnerable code. For identifying different vulnerabilities in JavaScript functions, an approach…”
Get full text

LLM-Guided Mutation Location Selection for Vulnerability-Aware JavaScript Engine Fuzzing by Li, Jizhe, Wang, Yongjun, Xu, Haoran, Peng, Lin, Xu, Muxin, Xia, Tian

“…Modern JavaScript engines employ multi-tier JIT compilation for high performance, but these aggressive optimizations often introduce subtle and hard-to-detect security vulnerabilities…”
Get full text

Inherited Vulnerabilities: Javascript Engine V4 secure coding compared to Googles V8 by Pannu, Mandeep, Kay, Iain, Gill, Bod

“…In 2013, the Qt Project announced a move away from Google's V8 JavaScript engine to their own internal V4 JavaScript engine…”
Get full text

Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages by Brito, Tiago, Ferreira, Mafalda, Monteiro, Miguel, Lopes, Pedro, Barros, Miguel, Santos, Jose Fragoso, Santos, Nuno

“…With the emergence of the Node.js ecosystem, JavaScript has become a widely used programming language for implementing server-side web applications…”
Get full text

PatchFuzz: Patch fuzzing for JavaScript engines by Wang, Junjie, Xie, Zhihua, Xie, Xiaofei, Du, Xiaoning, Zhang, Xiangwei

“… While researchers have made efforts to apply patch fuzzing to testing JavaScript (JS) engines with considerable success, these efforts have been limited to using ordinary test cases or publicly available vulnerability PoCs (Proof of Concepts…”
Get full text

JITBULL: Securing JavaScript Runtime with a Go/No-Go Policy for JIT Engine by Decourcelle, Jean-Baptiste, Teabe, Boris, Hagimont, Daniel

“…Nowadays, most services are delivered through the web and thus heavily rely on JavaScript (JS…”
Get full text

HFF-JIT: A Hybrid Fuzzing Framework for JIT Compiler Vulnerability Detection in JavaScript by Ding, Haotong, Li, Anni, Ayitey Sosu, Rexford Nii

“…Just-In-Time(JIT) compilers embedded in JavaScript engines significantly boost runtime performance but also introduce difficult-to-detect vulnerabilities…”
Get full text

iHVI: AN OPEN-SOURCE TOOLKIT FOR CONSTRUCTING INTEGRATED HEAT VULNERABILITY INDEX IN AUSTRALIA by Sun, Q. (C.), Das, S., Wang, K., Tao, Y., Amati, M., Hurley, J., Choy, S., Duckham, M.

“…To tackle the increasing issue of heat risk in Australia and pressure of population growth, this project aimed to establish a first nationwide dynamic and interactive heat vulnerability assessment toolkit…”
Get full text

JFuzzer: Detecting Optimization Errors in JavaScript Just-In-Time Compilers by Zhang, Chi, Chen, Jinfu, Cai, Saihua, Chen, Jingyi, Huang, Chunlei

“… This poses challenges for JavaScript engines. Consequently, in response to this situation, modern JavaScript engines are equipped with efficient just-in-time (JIT) compilers…”
Get full text

Wasmati: An efficient static vulnerability scanner for WebAssembly by Brito, Tiago, Lopes, Pedro, Santos, Nuno, Santos, José Fragoso

“…WebAssembly is a new binary instruction format that allows targeted compiled code written in high-level languages to be executed with near-native speed by the browser’s JavaScript engine…”
Get full text

Method for Mutation of Complexly Structured Input Data during Fuzzing of JavaScript Engines by Erokhina, Natalya Sergeevna

“…Fuzzing of JavaScript engines is one of the most difficult areas in web-browser testing due to the complexity of input data generating…”
Get full text

Keep Me Updated: An Empirical Study on Embedded JavaScript Engines in Android Apps by Wen, Elliott, Zhou, Jiaxiang, Luo, Xiapu, Russello, Giovanni, Dietrich, Jens

“…Although JavaScript (JS) has been widely used in mobile development, little is known about the security implications of utilizing JS engines shipped as native app libraries…”
Get full text

Linear Matching of JavaScript Regular Expressions by Barrière, Aurèle, Pit-Claudel, Clément

“… blowups, a frequent source of denial-of-service vulnerabilities in JavaScript applications…”
Get full text

Evaluating seed selection for fuzzing JavaScript engines by Wen, Ming, Wang, Yongcong, Xia, Yifan, Jin, Hai

“… However, popular JavaScript engines that have been widely utilized by web browsers to interpret JS code, have become the most common targets for attackers…”
Get full text

Fuzzing JavaScript JIT compilers with a high-quality differential test oracle by Li, Jizhe, Xu, Haoran, Wang, Yongjun, Jiang, Zhiyuan, Chun, Huang, Xie, Peidai, Chen, Yongxin, Xia, Tian

“…Modern JavaScript engines use Just-In-Time (JIT) compilers to convert frequently executed code into machine instructions, boosting performance for web applications and cross-platform systems…”
Get full text

Platform-Independent Dynamic Taint Analysis for JavaScript by Karim, Rezwana, Tip, Frank, Sochurkova, Alena, Sen, Koushik

“…Previous approaches to dynamic taint analysis for JavaScript are implemented directly in a browser or JavaScript engine, limiting their applicability to a single platform and requiring ongoing…”
Get full text

On DoS Vulnerability of Regular Expressions, with and Without Backreferences by Terauchi, Tachio

“… The extension is practically popular, supported by many regex engines including those in the standard libraries of Java, Python, JavaScript, and more, and is also known to possess interesting…”
Get full text

PatchFuzz: Patch Fuzzing for JavaScript Engines by Wang, Junjie, Ma, Yuhan, Xie, Xiaofei, Du, Xiaoning, Zhang, Xiangwei

“… While researchers have made efforts to apply patch fuzzing to testing JavaScript engines with considerable success, these efforts have been limited to using ordinary test cases or publicly available vulnerability PoCs (Proof of Concepts…”
Get full text

Deity: Finding Deep Rooted Bugs in JavaScript Engines by Lin, Hongyang, Zhu, Junhu, Peng, Jianshan, Zhu, Dixia

“…Fuzzing [1] is a well-known technique which was employed to provide unexpected or random data as input to JavaScript engines in hopes of finding a security vulnerability…”
Get full text