CVE-2026-4702 JIT miscompilation in the JavaScript Engine component

JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

CVE-2026-4698 JIT miscompilation in the JavaScript Engine: JIT component

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

CVE-2026-21732

The CVE-2026-21732 issue affects the GPU shader compiler library (WebGPU shader compilation path) where loading unusual shader code can trigger an out-of-bounds write, causing a crash. An edge case with very large switch values can cause a segmentation fault via OOB access during conversion in th...

SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers

Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

CVE-2026-30960 RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface

rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT Just-In-Time compilation engine, which is fully exposed via the CFFI Foreign Functi...

PT-2026-24192

Name of the Vulnerable Software and Affected Versions rssn versions prior to 0.2.9 Description The rssn scientific computing library for Rust has an issue in its JIT Just-In-Time compilation engine, which is exposed through the CFFI Foreign Function Interface. Insufficient input validation and...

SUSE CVE-2025-69645

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offsetsize value being used inside bytegetlittleendian, leading to an abort SIGABR...

AZL-79568 CVE-2025-69645 affecting package binutils 2.41-10

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offsetsize value being used inside bytegetlittleendian, leading to an abort SIGABR...

CVE-2025-69645

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offsetsize value being used inside bytegetlittleendian, leading to an abort SIGABR...

firefox: thunderbird: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component...

firefox: thunderbird: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component...

firefox: thunderbird: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component...

UBUNTU-CVE-2026-2764

JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

Mozilla多款产品 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An information disclosure vulnerability exists in several Mozilla produc...

[SECURITY] Fedora 42 Update: golang-github-tetratelabs-wazero-1.11.0-1.fc42

WebAssembly is a way to safely run code compiled in other languages. Runtimes execute WebAssembly Modules Wasm, which are most often binaries with a .wasm extension. wazero is a WebAssembly Core Specification 1.0 and 2.0 compliant runtime written in Go. It has zero dependencies, and doesn't rely ...

MiracleLinux 7 : java-11-openjdk-11.0.16.0.8-1.el7 (AXSA:2022-3588:09)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3588:09 advisory. OpenJDK: integer truncation issue in Xalan-J JAXP, 8285407 CVE-2022-34169 OpenJDK: class compilation issue Hotspot, 8281859 CVE-2022-21540 OpenJDK:...

MiracleLinux 9 : thunderbird-102.14.0-1.el9.ML.1 (AXSA:2023-6344:22)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6344:22 advisory. Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation...

MiracleLinux 8 : nodejs:18 (AXSA:2023-6227:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6227:01 advisory. c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-49...

MiracleLinux 9 : java-11-openjdk-11.0.23.0.9-3.el9.ML.1 (AXSA:2024-7717:10)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7717:10 advisory. OpenJDK: long Exception message leading to crash 8319851 CVE-2024-21011 OpenJDK: integer overflow in C1 compiler address generation 8322122...

MiracleLinux 7 : firefox-102.14.0-1.0.1.el7.AXS7 (AXSA:2023-6310:27)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6310:27 advisory. Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation...