# security

This repository will contain security-related stuff I'm doing. (Also, [@rawsec](https://twitter.com/rawsec) on Twitter)

Recent:

- 2019-06-04 [Vim/Neovim Arbitrary Code Execution via Modelines](doc/2019-06-04_ace-vim-neovim.md) (CVE-2019-12735)

More to come...

---

Some older bugs:

- 2017-01-25 [Google Chrome: Address spoofing in Omnibox](https://bugs.chromium.org/p/chromium/issues/detail?id=673971
) (CVE-2017-5015)

- 2017-01-24 [Mozilla Firefox: Location bar spoofing with unicode characters](https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5383) (CVE-2017-5383)

- 2016-06-07 [Mozilla Firefox: Partial SOP violation via forged location.host](https://www.mozilla.org/en-US/security/advisories/mfsa2016-54/) (CVE-2016-2825)

- 2015-05-19 [Google Chrome: Cross-origin bypass in Editing](https://bugs.chromium.org/p/chromium/issues/detail?id=444927) (CVE-2015-1254)

- 2015-04-03 [Mozilla Firefox: Privileged URLs processed by about:reader](https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/) (CVE-2015-0798)

- 2015-03-31 [Mozilla Firefox: Addon permissions exposed to man-in-the-middle attacks](https://www.mozilla.org/en-US/security/advisories/mfsa2015-32/) (CVE-2015-0812)

- 2015-02-24 [Mozilla Firefox: Local files or privileged URLs in pages can be opened into new tabs](https://www.mozilla.org/en-US/security/advisories/mfsa2015-25/) (CVE-2015-0821)

- 2015-02-24 [Mozilla Firefox: Arbitrary File Read Vulnerability via Form Autocomplete](https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/) (CVE-2015-0822)

CTF write-ups:

- [Google CTF 2017 | Geokitties v2](https://github.com/numirias/ctf/blob/master/writeup-google-ctf-2017-geokitties-v2.md)

- [*Many more...*](https://security.meta.stackexchange.com/search?tab=votes&q=user%3a95381%20is%3aanswer%20%5bwrite-up%5d)