Astra Linux - уязвимость в firefox

Data was not properly sanitized during the decoding of a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox versions earlier than 124...

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the ACK frame decoding. An attacker can gain elevated privileges by sending specially crafted network packets that trigger an integer underflow during frame parsing. Remediation Upgrade...

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the ACK frame decoding. An attacker can gain elevated privileges by sending specially crafted network packets that trigger an integer underflow during frame parsing. Remediation Upgrade...

GHSA-GVVW-8J96-8G5R MsQuic has a Remote Elevation of Privilege Vulnerability

Summary Improper input validation in Microsoft QUIC allows an unauthorized attacker to elevate privileges over a network. Details Improper Input Validation Integer Underflow Wrap or Wraparound when decoding ACK frame. Patches - Fix underflow in ACK frame parsing - 1e6e999b Impact An attacker who...

CVE-2024-2613

Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox 124...

PT-2025-26173 · Quiche · Quiche

Name of the Vulnerable Software and Affected Versions: quiche versions prior to 0.24.4 Description: The issue is related to incorrect congestion window growth, which could cause quiche to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can explo...

CVE-2024-56609 wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use ieee80211purgetxqueue to purge TX skb When removing kernel modules by: rmmod rtw888723cs rtw888703b rtw888723x rtw88sdio rtw88core Driver uses skbqueuepurge to purge TX skb, but not report tx status causing "Have...

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6703-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6703-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...

Fedora 38 : firefox (2024-7e71e9eaba)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7e71e9eaba advisory. - Updated to 124.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

Fedora 39 : firefox (2024-113454b56b)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-113454b56b advisory. - Updated to 124.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

CVE-2024-2613

Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox 124...

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox version 124, which stems from a buffer overflow that can be caused by improper handling of QUIC ACK frame data...

CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...