An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system...
CVSS 9.6, AI Score 2.3, EPSS 0.003
Two actively exploited Zero-Day vulnerabilities discovered in Mozilla Firefox
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Two critical zero-day vulnerabilities have been identified in Mozilla Firefox that are being exploited in-the-wild and tracked as CVE-2022-26485 and CVE-2022-26485. Both are use-after-free bugs that exist in XSLT parameter...
AI Score 2.1, EPSS 0.01
Update now! Mozilla patches two actively exploited vulnerabilities
Mozilla has announced it has fixed security vulnerabilities in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0. Users should install the out-of-band security update as soon as possible, since it is designed to apply a fix for two vulnerabilities that are known to...
AI Score 0.5, EPSS 0.01
Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape
Mozilla has released an emergency update for its Firefox browser that addresses two critical security vulnerabilities that cybercriminals have actively exploited in the wild as zero days. Both are use-after-free bugs, which are memory-corruption issues that occur when an application continues to...
CVSS 10, AI Score 0.6, EPSS 0.976
2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!
Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild. Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free...
AI Score -0.2, EPSS 0.01
Mozilla Firefox Security Advisory (MFSA2022-09) - Mac OS X
Mozilla Firefox is prone to multiple use-after-free...
CVSS 9.6, AI Score 9.5, EPSS 0.01
The version of Firefox installed on the remote Windows host is prior to 97.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports...
CVSS 9.6, AI Score 9.3, EPSS 0.01
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 97.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have...
CVSS 9.6, AI Score 9.3, EPSS 0.01
Debian DLA-2933-1 : firefox-esr - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2933 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild...
CVSS 9.6, AI Score 8.9, EPSS 0.01
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have...
CVSS 9.6, AI Score 9.3, EPSS 0.01
Mozilla Thunderbird Security Advisory (MFSA2022-09) - Mac OS X
Mozilla Thunderbird is prone to multiple use-after-free...
CVSS 9.6, AI Score 9.6, EPSS 0.01
The version of Firefox ESR installed on the remote Windows host is prior to 91.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had...
CVSS 9.6, AI Score 9.3, EPSS 0.01
Mozilla Thunderbird Security Advisory (MFSA2022-09) - Windows
Mozilla Thunderbird is prone to multiple use-after-free...
CVSS 9.6, AI Score 9.6, EPSS 0.01
Mozilla Firefox ESR Security Advisory (MFSA2022-09) - Windows
Mozilla Firefox is prone to multiple use-after-free...
CVSS 9.6, AI Score 9.5, EPSS 0.01
Mozilla Firefox Security Advisory (MFSA2022-09) - Windows
Mozilla Firefox is prone to multiple use-after-free...
CVSS 9.6, AI Score 9.5, EPSS 0.01
CVSS 9.6, AI Score 9.6, EPSS 0.01
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have...
CVSS 9.6, AI Score 9.4, EPSS 0.01
Mozilla Firefox Use-After-Free Vulnerability
Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code...
CVSS 9.6, AI Score 3, EPSS 0.003
Debian DSA-5090-1 : firefox-esr - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5090 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the...
CVSS 9.6, AI Score 8.9, EPSS 0.01
The version of Thunderbird installed on the remote Windows host is prior to 91.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had...
CVSS 9.6, AI Score 9.3, EPSS 0.01
Mozilla Firefox ESR Security Advisory (MFSA2022-09) - Mac OS X
Mozilla Firefox is prone to multiple use-after-free...
CVSS 9.6, AI Score 9.5, EPSS 0.01
CVSS 9.6, AI Score 9.5, EPSS 0.01
A use-after-free was discovered when removing an XSLT parameter in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2022-26485) A use-after-free was discovered in the...
CVSS 9.6, AI Score 9.7, EPSS 0.01
Updated firefox packages fix security vulnerabilities
Removing an XSLT parameter during processing could have led to an exploitable use-after-free (CVE-2022-26485). An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape...
CVSS 9.6, AI Score 1.1, EPSS 0.01
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5314-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5314-1 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had...
CVSS 9.6, AI Score 8.8, EPSS 0.01
Releases Ubuntu 21.10 Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages firefox - Mozilla Open Source web browser Details A use-after-free was discovered when removing an XSLT parameter in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could exploit...
CVSS 9.6, AI Score 9.5, EPSS 0.01
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 9...
CVSS 9.6, AI Score 8.7, EPSS 0.003
KLA12475 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in XSLT parameter processing can be exploited to cause denial.....
CVSS 9.6, AI Score 10, EPSS 0.01
KLA12470 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in XSLT parameter processing can be exploited to cause denial of...
CVSS 9.6, AI Score 10, EPSS 0.01
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2022-064-01)
The version of mozilla-firefox installed on the remote host is prior to 91.6.1esr / 97.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-064-01 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable...
CVSS 9.6, AI Score 8.9, EPSS 0.01
Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of...
CVSS 9.6, AI Score 1, EPSS 0.01
KLA12469 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in XSLT parameter processing can be exploited to cause denial.....
CVSS 9.6, AI Score 10, EPSS 0.01
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...
CVSS 7.1, AI Score 7.3, EPSS 0.0004
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...
CVSS 7.1, AI Score 7.2, EPSS 0.0004
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...
CVSS 7.1, EPSS 0.0004
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...
CVSS 7.1, AI Score 6.3, EPSS 0.0004
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...
CVSS 7.1, AI Score 6.6, EPSS 0.0004
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...
AI Score 7.3, EPSS 0.0004
Security update for conmon, libcontainers-common, libseccomp, podman (moderate)
An update that solves 7 vulnerabilities, contains one feature and has one errata is now available. Description: This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: fix CVE-2021-41190 [bsc#1193273],...
CVSS 6.5, AI Score -0.4, EPSS 0.005
Google launches Chrome 99, fixes 28 vulnerabilities
The Chrome team announced the promotion of Chrome 99 to the stable channel for Windows, Mac and Linux on March 1, 2022. This will roll out over the coming days/weeks. In the desktop version, a total of 28 vulnerabilities were closed. Of these, 11 were classified as high, 15 as medium and two as...
AI Score 0.9, EPSS 0.003
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory...
CVSS 7.8, EPSS 0.001
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory...
CVSS 7.8, AI Score 7.8, EPSS 0.001
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory...
CVSS 7.8, AI Score 7.4, EPSS 0.001
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory...
CVSS 7.8, AI Score 7.9, EPSS 0.001
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory...
AI Score 8.1, EPSS 0.001
Security update for the Linux Kernel (important)
An update that solves 17 vulnerabilities and has 62 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source...
CVSS 9.1, EPSS 0.003
Exploit for Integer Overflow or Wraparound in Linux Linux Kernel
CVE-2022-0185 Linux kernel privilege escalation (escape) [toc] Vulnerability overview Vulnerability ID:...
CVSS 8.4, AI Score 8.7, EPSS 0.001
Security Bulletin: Multiple vulnerabilities in Samba – including Badlock – affect ProtecTIER
Summary Samba vulnerabilities were disclosed on April 12, 2016. Samba is used by ProtecTIER. ProtecTIER has addressed the applicable CVEs including the vulnerability commonly referred to as “Badlock”. Vulnerability Details CVEID: CVE-2016-2118 DESCRIPTION: Samba could allow a remote attacker to...
CVSS 7.5, AI Score 7.9, EPSS 0.028
EulerOS Virtualization 3.0.6.0 : kernel (EulerOS-SA-2022-1046)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger...
CVSS 7.8, AI Score 7.1, EPSS 0.0004
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1046)
The remote host is missing an update for the Huawei...
CVSS 7.8, AI Score 7.3, EPSS 0.0004