NetSurf Heap Memory Disclosure Vulnerability in DOM Event Handling

Vulnerability

NetSurf version 3.11 improperly handles uninitialized heap memory in its DOM event structure. The event initialization function fails to initialize several fields that are accessible to JavaScript. As a result, these fields can leak memory addresses to script, potentially serving as a primitive for further exploitation.
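The bug class described above, shown as an added example that is not NetSurf code: an init routine that writes only some fields of a recycled heap object, beside a hardened form that clears the object first. The struct, field names, function names and the 0xA5 stale marker are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define STALE 0xA5 /* constructed marker for a freed chunk's old contents */

/* Hypothetical event record; names are illustrative, not NetSurf's. */
struct demo_event {
    const char *type;
    void *target;         /* script-readable */
    void *current_target; /* script-readable */
    uint32_t phase;       /* script-readable */
    uint8_t bubbles;
    uint64_t timestamp;   /* script-readable */
};

/* Stand-in for malloc() returning a recycled chunk that still holds old data. */
static struct demo_event *recycled_chunk(void) {
    static struct demo_event slot;
    memset(&slot, STALE, sizeof slot);
    return &slot;
}

/* Flawed pattern: only some fields are written, the rest keep stale bytes. */
static void event_init_weak(struct demo_event *ev, const char *type) {
    ev->type = type;
    ev->bubbles = 0;
}

/* Hardened pattern: clear the whole object, then set what is known. */
static void event_init_hardened(struct demo_event *ev, const char *type) {
    memset(ev, 0, sizeof *ev);
    ev->type = type;
}

/* Number of bytes in [p, p+n) that still carry the stale marker. */
static size_t stale(const void *p, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) hits += ((const unsigned char *)p)[i] == STALE;
    return hits;
}

/* Count stale bytes left in the fields a script could read back. */
size_t demo_leak(int hardened) {
    struct demo_event *ev = recycled_chunk();
    if (hardened) event_init_hardened(ev, "click"); else event_init_weak(ev, "click");
    return stale(&ev->target, sizeof ev->target) + stale(&ev->current_target, sizeof ev->current_target)
         + stale(&ev->phase, sizeof ev->phase) + stale(&ev->timestamp, sizeof ev->timestamp);
}

int main(void) { printf("weak: %zu, hardened: %zu\n", demo_leak(0), demo_leak(1)); return 0; }
```

The same stale-byte count works as a regression test for any object whose fields are exposed to a scripting layer: fill the backing storage with a marker, run the constructor, and fail if any exposed field still carries it.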

Impact

Exploitation of this vulnerability leads to an information leak, disclosing uninitialized memory that may contain sensitive data.

Reproduction

The vulnerability can be reproduced by creating a DOM event in NetSurf 3.11. The uninitialized fields of the event structure can be accessed via JavaScript, revealing leaked memory addresses in the console output.

Remediation

Users can upgrade to NetSurf versions later than 3.11 to address this vulnerability.

Added: Nov 3, 2025, 3:19 PM
Updated: Nov 3, 2025, 9:25 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 0.6
exploitability: 5.8
remediation: 7.7
relevance: 0.9
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.