Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Mozilla: Use-after-free in Ion Compiler

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...

Mozilla: Use-after-free in Ion Compiler

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...

Mozilla: Use-after-free in Ion Compiler

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...

Mozilla: Use-after-free in Ion Compiler

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...

Mozilla: Use-after-free in Ion Compiler

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...

Mozilla: Use-after-free in Ion Compiler

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...

Mozilla: Use-after-free in Ion Compiler

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...

RHEL 8 : firefox (RHSA-2023:5436)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5436 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Mozilla Firefox Resource Management Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox, which originates from a post-release reuse vulnerability in Ion Compiler...

Amazon Linux 2 : firefox (ALASFIREFOX-2023-006)

The version of firefox installed on the remote host is prior to 102.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-006 advisory. The Mozilla Foundation describes this issue as follows:Unexpected data returned from the Safe Browsing API could...

Medium: libsepol

Issue Overview: The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from cilverifyclasspermission and cilpreverifyhelper. CVE-2021-36084 The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from verifymappermclassperms and hashtabmap...

Important: firefox

Issue Overview: The Mozilla Foundation describes this issue as follows: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. CVE-2023-1945 The Mozilla Foundation describes this issue as follows: A website could have obscured...

Mysterious 'Sandman' Threat Actor Targets Telecom Providers Across Three Continents

A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time JIT compiler for the Lua programming...

SUSE-SU-2023:3722-1 Security update for rust, rust1.72

This update for rust, rust1.72 fixes the following issues: Changes in rust: - Update to version 1.72.0 - for details see the rust1.72 package Changes in rust1.72: - CVE-2023-40030: fix minor non-exploited issue in cargo bsc1214689 Version 1.72.0 2023-08-24 ========================== Language...

The vulnerability of the stack protection function in the GNU Compiler Collection (GCC), various programming languages, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the stack protection function in the GNU Compiler Collection GCC for various programming languages is related to a violation of the data protection mechanism. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of t...

Exploit for Classic Buffer Overflow in Jerryscript

CVE-2023-36109 a poc for cve-2023-36109 request repo g...

Important: ecs-service-connect-agent

Issue Overview: Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issu...

[SECURITY] Fedora 39 Update: pypy-7.3.12-3.fc39

PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types strings, dictionaries, etc This build of PyPy has JIT-compilation enabled...

OSV-2023-857 Segv on unknown address in FunctionCompiler::compileReturn

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62375 Crash type: Segv on unknown address Crash state: FunctionCompiler::compileReturn WasmEdge::AOT::Compiler::compile WasmEdge::AOT::Compiler::compile...