firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

Astra Linux - уязвимость в firefox, thunderbird

Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

Astra Linux - уязвимость в firefox, thunderbird

JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

Astra Linux - уязвимость в firefox

tags that referenced a document from the same origin could have allowed script execution if the attacker’s input was sanitized using the HTML Sanitizer API. This would require the attacker to reference a JavaScript file from the same origin that contained the script to be executed. This...

Astra Linux - уязвимость в firefox

JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability has been fixed in Firefox 145 and Thunderbird 145...

Astra Linux - уязвимость в node-ejs

The ejs also known as Embedded JavaScript templates package version 3.1.6 for Node.js enables server-side template injection in settings view optionsoutputFunctionName. This is parsed as an internal option, and the outputFunctionName option is overwritten with an arbitrary OS command which is...

Astra Linux - уязвимость в jsoup

jsoup is a Java HTML parser designed for HTML editing, cleaning, scraping, and XSS Cross-Site Scripting protection. However, jsoup may incorrectly sanitize HTML containing javascript: URLs, which could allow XSS attacks when a user clicks on those links. If the non-default...

Astra Linux - уязвимость в firefox, thunderbird

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

Astra Linux - уязвимость в firefox

By using 3D CSS in conjunction with JavaScript, content could be rendered outside the webpage’s viewport. This led to a spoofing attack that could be used for phishing or other attacks against users. This vulnerability affects Firefox versions earlier than 88...

Astra Linux - уязвимость в webkit2gtk

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary JavaScript code execution...

Astra Linux - уязвимость в thunderbird

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive Chrome-level privileges; however, it could be used as a stepping stone for further attacks involving other vulnerabilities. This vulnerability affects...

Astra Linux - уязвимость в firefox, thunderbird

JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

Astra Linux - уязвимость в firefox

By using XSL Transforms, a malicious webserver could serve a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox versions earlier than 97...

Astra Linux - уязвимость в pypy, jython

The documentation XML-RPC server in Python, from versions 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4, has XSS vulnerabilities due to the servertitle field. This issue occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If the setservertitle function ...

Astra Linux - уязвимость в firefox, thunderbird

If an attacker could control the contents of an iframe that was sandboxed using allow-popups but not allow-scripts, they could create a link that, when clicked, would cause JavaScript execution, violating the sandboxing rules. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbi...

Astra Linux - уязвимость в libfastjson

JSON-C version 0.14 has an integer overflow issue, and there is a risk of out-of-bounds write operations through a large JSON file, as demonstrated by the printbufmemappend function...

Astra Linux - уязвимость в golang-1.19

Templates do not properly handle backticks as JavaScript string delimiters, and do not escape them as expected. Backticks have been used since ES6 for JavaScript template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be...

Astra Linux - уязвимость в chromium

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в zabbix

The implementation of atob in "Zabbix JS" allows for creating a string with arbitrary content and using it to access internal properties of objects...