SUSE CVE-2021-24001

A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox 88...

CVE-2022-22750

By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.This bug only affects Firefox for Windows and MacOS. Other operating...

RHEL 7 : thunderbird (RHSA-2022:9079)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9079 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Security Fixes: Mozilla:...

RHEL 8 : thunderbird (RHSA-2022:9077)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9077 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Security Fixes: Mozilla:...

FreeBSD : chromium -- multiple vulnerabilities (5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ec)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ec advisory. - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to...

openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10086-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10086-1 advisory. - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a...

CVE-2022-28281

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...

CVE-2021-24001

A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox 88...

CVE-2021-24001

A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox 88...

Double free

Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

CVE-2021-24001

A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox 88...

CVE-2021-21150

Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

CVE-2020-6435

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page...

Design/Logic Flaw

A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted...

CVE-2019-11765

A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted...

CVE-2019-9812

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...

CVE-2019-11741

A compromised sandboxed content process can perform a Universal Cross-site Scripting UXSS attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these site...

PT-2019-6365 · Mozilla +2 · Firefox +2

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 70 Description: The issue is related to a compromised child process that could inject XBL Bindings into privileged CSS rules, leading to arbitrary code execution and a sandbox escape. It is also described as a...

Security fix for the ALT Linux 10 package firefox-esr version 60.1.0-alt1

June 26, 2018 Andrey Cherepanov 60.1.0-alt1 - New ESR version 60.1.0. - Fixed: + CVE-2018-12359 Buffer overflow using computed size of canvas element + CVE-2018-12360 Use-after-free when using focus + CVE-2018-12361 Integer overflow in SwizzleData + CVE-2018-12362 Integer overflow in SSSE3 scaler...

openssh: Bounds check can be evaded in the shared memory manager used by pre-authentication compression support

It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged...