994 matches found
Astra Linux – Vulnerability in Firefox
When Firefox is configured to block the storage of all cookies, it is still possible to store data in localstorage by using an iframe with a source of ‘about:blank’. This could allow malicious websites to store tracking data without permission. This vulnerability affects Firefox versions earlier...
Astra Linux – Vulnerability in Firefox
Mozilla developers reported memory safety bugs in Firefox 88. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 89...
Astra Linux – Vulnerability in Firefox and Thunderbird
A website could have obscured the fullscreen notification by using a URL that was processed by an external program, such as a mailto URL. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbi...
Astra Linux – Vulnerability in Firefox
There was a potential “use-after-free” vulnerability in SVG images if the Refresh Driver was destroyed at an inappropriate time. This could lead to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering that it had inadvertentl...
Astra Linux – Vulnerability in Firefox
If an attacker needed a user to load an insecure http: page and knew that the user had enabled HTTPS-only mode, the attacker could trick the user into clicking to grant an HTTPS-only exception, provided they could get the user to participate in a clicking game. This vulnerability affects Firefox...
Astra Linux – Vulnerability in Firefox and Thunderbird
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution within the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...
Astra Linux – Vulnerability in Firefox and Thunderbird
Ports that were written as integer overflows above the bounds of a 16-bit integer could potentially bypass port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Astra Linux – Vulnerability in Firefox
A use-after-free could occur if a JavaScript realm was being initialized when a garbage collection started. This vulnerability affects Firefox versions earlier than 125...
Astra Linux – Vulnerability in Firefox and Thunderbird
A Linux user who opened the print preview dialog box could have caused the browser to crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 122. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects versions of Firefox prior to 123...
Astra Linux – Vulnerability in Firefox
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 108. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects versio...
Astra Linux – Vulnerability in Firefox and Thunderbird
JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...
Astra Linux – Vulnerability in Firefox
The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however, it incorrectly did not sanitize the xlink:href attributes. This vulnerability affects Firefox versions earlier than 102...
Astra Linux – Vulnerability in Firefox
When dragging and dropping an image across origins, the size of the image may be leaked. This behavior was present in version 109 and caused web compatibility issues, as well as this security concern. Therefore, this behavior was disabled until further review. This vulnerability affects Firefox...
Astra Linux – Vulnerability in Firefox and Thunderbird
When opening Diagcab files, Firefox did not warn the user that these files might contain malicious code. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 118. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 119...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs in Thunderbird 91.7. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have...
Astra Linux – Vulnerability in Firefox
Multiple WebRTC threads may have claimed a newly connected audio input, resulting in a use-after-free vulnerability. This vulnerability affects Firefox versions less than 126...
Astra Linux – Vulnerability in Firefox and Thunderbird
Firefox was vulnerable to a heap buffer overflow in nsTextFragment due to insufficient OOM handling. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...
Astra Linux – Vulnerability in Firefox
The z-order of browser windows can be manipulated to hide the fullscreen notifications. This could potentially be used to carry out a spoofing attack. This vulnerability has been fixed in Firefox 135 and Thunderbird 135...