Debian dla-3365 : thunderbird - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3365 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3365-1 [email protected]...

Oracle Linux 9 : firefox (ELSA-2023-1337)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1337 advisory. 102.9.0-3.0.1 - Updated homepages to use https Orabug: 34648274 102.9.0-3 - Update to 102.9.0 build2 102.9.0-2 - removed disable-openh264-download...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

RHEL 7 : firefox (RHSA-2023:1333)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1333 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR. Security Fixes: Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefo...

[SECURITY] Fedora 36 Update: pypy3.7-7.3.9-5.3.7.fc36

PyPy's implementation of Python 3.7, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types strings, dictionaries, etc.. This build of PyPy has JIT-compilation enabled...

Denial Of Service (DoS)

firefox-esr is vulnerable to Denial Of Service DoS. The vulnerability exists due to the incorrect code generation during JIT compilation, which allows an attacker to cause an application crash...

SUSE CVE-2023-25751

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

SUSE-SU-2023:0728-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to version 102.9.0 ESR bsc1209173: - CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android - CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android -...

SUSE CVE-2006-7230

Perl-Compatible Regular Expression PCRE library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the 1 -x or 2 -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service PCRE or...

SUSE CVE-2010-1000

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file...

SUSE CVE-2015-0817

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to...

SUSE CVE-2016-5040

libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds read and crash via a large length value in a compilation unit header...

SUSE CVE-2016-10132

regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service NULL pointer dereference and crash via vectors related to regular expression compilation...

SUSE CVE-2017-9226

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in nextstateval during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetchtoken and...

SUSE CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitsetsetrange during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect...

SUSE CVE-2019-5771

An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

SUSE CVE-2019-17514

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that...

SUSE CVE-2020-26952

Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox 83...