9440 matches found

RedHat Linux
added 2024/09/17 11:23 a.m. | 3 views

thunderbird: Crash when aborting verification of OTR chat

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash...

CVSS 6.5 | AI score 7.3 | EPSS 0.00398
Exploits: 0 | References: 6

RedHat Linux
added 2024/09/16 12:24 p.m. | 4 views

mozilla: Type Confusion in Async Generators in Javascript Engine

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash...

CVSS 7.5 | AI score 7.3 | EPSS 0.00277
Exploits: 0 | References: 10

RedHat Linux
added 2024/09/16 12:24 p.m. | 3 views

thunderbird: Crash when aborting verification of OTR chat

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash...

CVSS 6.5 | AI score 7.3 | EPSS 0.00398
Exploits: 0 | References: 6

RedHat Linux
added 2024/09/16 12:20 p.m. | 2 views

mozilla: Type Confusion in Async Generators in Javascript Engine

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash...

CVSS 7.5 | AI score 7.3 | EPSS 0.00277
Exploits: 0 | References: 10

RedHat Linux
added 2024/09/16 12:19 p.m. | 2 views

mozilla: Type confusion when looking up a property name in a "with" block

The Mozilla Foundation's Security Advisory: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment...

CVSS 9.8 | AI score 7.2 | EPSS 0.11622
Exploits: 1 | References: 8

RedHat Linux
added 2024/09/16 12:19 p.m. | 2 views

mozilla: Type Confusion in Async Generators in Javascript Engine

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash...

CVSS 7.5 | AI score 7.3 | EPSS 0.00277
Exploits: 0 | References: 10

RedHat Linux
added 2024/09/16 12:10 p.m. | 2 views

mozilla: Type Confusion in Async Generators in Javascript Engine

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash...

CVSS 7.5 | AI score 7.3 | EPSS 0.00277
Exploits: 0 | References: 10

Veracode
added 2024/09/16 3:53 a.m. | 8 views

Type Confusion

Firefox is vulnerable to a type confusion vulnerability. The vulnerability is due to an error in the ECMA-262 specification relating to Async Generators, which could lead to memory corruption. Attackers can exploit this to cause an exploitable crash...

CVSS 7.5 | AI score 6.5 | EPSS 0.00277
Exploits: 0 | References: 7 | Affected Software: 3

ICS
added 2024/09/12 6:0 a.m. | 15 views

Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380

1. EXECUTIVE SUMMARY: CVSS v4 8.7. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380, CompactLogix 5480, 1756-EN4. Vulnerability: Improper Input Validation. 2. RISK...

CVSS 8.7 | AI score 7.7 | EPSS 0.00341
Exploits: 0 | References: 10

ICS
added 2024/09/12 6:0 a.m. | 8 views

AutomationDirect DirectLogic H2-DM1E

1. EXECUTIVE SUMMARY: CVSS v4 8.7. ATTENTION: Exploitable from an adjacent network/low attack complexity. Vendor: AutomationDirect. Equipment: DirectLogic H2-DM1E. Vulnerabilities: Session Fixation, Authentication Bypass by Capture-replay. 2. RISK EVALUATION: Successful exploitation of...

CVSS 8.8 | AI score 9.1 | EPSS 0.00145
Exploits: 0 | References: 10

ICS
added 2024/09/10 12:0 a.m. | 21 views

Siemens Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.3 | AI score 7.2 | EPSS 0.00136
Exploits: 0 | References: 10

ICS
added 2024/09/10 12:0 a.m. | 19 views

Siemens SIMATIC RFID Readers

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.5 | AI score 8.3 | EPSS 0.00379
Exploits: 0 | References: 10

ICS
added 2024/09/10 12:0 a.m. | 9 views

Siemens SIMATIC, SIPLUS, and TIM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 8.2 | AI score 6.1 | EPSS 0.00488
Exploits: 0 | References: 10

GitHub Security Blog
added 2024/09/09 8:19 p.m. | 153 views

path-to-regexp outputs backtracking regular expressions

Impact: A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b. Patches: For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...

CVSS 7.5 | AI score 7.3 | EPSS 0.00064
Exploits: 0 | References: 10 | Affected Software: 1

CVE
added 2024/09/08 6:0 p.m. | 72 views

CVE-2024-8576

The CVE-2024-8576 issue affects TOTOLINK AC1200 T8/T10 (versions 4.1.5cu.861_B20230220–4.1.8cu.5207) where an input in the setIpPortFilterRules function (/cgi-bin/cstecgi.cgi) allows manipulation of the desc parameter to cause a buffer overflow. This enables a remote attacker to potentially corru...

CVSS 9 | AI score 8.9 | EPSS 0.00296
Exploits: 1 | References: 5 | Affected Software: 1

Tenable Nessus
added 2024/09/08 12:0 a.m. | 13 views

FreeBSD : firefox -- Potential memory corruption and exploitable crash (7ade3c38-6d1f-11ef-ae11-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7ade3c38-6d1f-11ef-ae11-b42e991fc52e advisory. [email protected] reports: An error in the ECMA-262 specification relating to Async Generators could...

CVSS 7.5 | AI score 8.2 | EPSS 0.00277
Exploits: 0 | References: 3

OSV
added 2024/09/06 7:15 p.m. | 19 views

CVE-2024-7652

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox 128, Firefox ESR 115.13, Thunderbird 115.13, and Thunderbird 128...

CVSS 7.5 | AI score 6.2
Exploits: 0 | References: 6

CVE
added 2024/09/06 6:18 p.m. | 151 views

CVE-2024-7652

CVE-2024-7652 involves a type confusion in the ECMA-262 Async Generators path that could lead to memory corruption and an exploitable crash. Affected products include Firefox and Thunderbird releases prior to 128 (Firefox <128, ESR <115.13; Thunderbird <115.13 and

CVSS 7.5 | AI score 6.4 | EPSS 0.00277
Exploits: 0 | References: 6 | Affected Software: 2

NVD
added 2024/09/06 5:15 p.m. | 29 views

CVE-2024-8394

When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird 128.2...

CVSS 6.5 | EPSS 0.00398
Exploits: 0 | References: 2

FreeBSD
added 2024/09/06 12:0 a.m. | 22 views

firefox -- Potential memory corruption and exploitable crash

[email protected] reports: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash...

CVSS 7.5 | AI score 7 | EPSS 0.00277
Exploits: 0 | References: 1