1683 matches found
CVE-2024-7530
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox 129...
CVE-2024-7530
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox 129...
CVE-2024-7530
Mozilla Firefox is affected by CVE-2024-7530 due to an incorrect garbage-collection interaction that can cause a use-after-free in the JavaScript/GC path. Affected: Firefox versions earlier than 129.0. Impact as described: potential crash and, per linked advisories, could lead to arbitrary code e...
CVE-2024-7530
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox 129...
CVE-2024-7528
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1...
Security Vulnerabilities fixed in Thunderbird 128.1 — Mozilla
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape....
Mozilla Firefox ESR < 128.1
The version of Firefox ESR installed on the remote Windows host is prior to 128.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-35 advisory. - Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. CVE-2024-7528 -...
Mozilla Firefox < 129.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 129.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-33 advisory. - Incorrect garbage collection interaction could have led to a use-after-free. CVE-2024-7530 - Insufficient...
Mozilla Firefox ESR < 128.1
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-35 advisory. - Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. CVE-2024-7528 ...
Security Vulnerabilities fixed in Firefox 129 — Mozilla
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape....
Garbage collection and closures
Me, Surma, and Jason were hacking on a thing, and discovered that garbage collection within a function doesn't quite work how we expected. function demo const bigArrayBuffer = new ArrayBuffer100000000; const id = setTimeout = console.logbigArrayBuffer.byteLength; , 1000; return = clearTimeoutid;...
Garbage collection and closures
Me, Surma, and Jason were hacking on a thing, and discovered that garbage collection within a function doesn't quite work how we expected. function demo const bigArrayBuffer = new ArrayBuffer100000000; const id = setTimeout = console.logbigArrayBuffer.byteLength; , 1000; return = clearTimeoutid;...
PT-2024-40823 · Git +1 · Ghostscript
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to a segmentation fault on an unknown address. The crash state included functions such as gs gc reclaim, ireclaim, and interp reclaim. Recommendations: At the momen...
kernel: af_unix: Fix garbage collector racing against connect()
A flaw was found in the Linux kernel, where the management of inter-process communication uses AFUNIX sockets. The issue arises from a race condition where a partially initialized socket with specific permissions carrying SCMRIGHTS is improperly handled during garbage collection. This situation...
kernel: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
A flaw was found in the Linux kernel’s Netfilter nftables module. The issue arises from improper mutex handling during the garbage collection GC process. The problem occurs between the critical functions nftgcseqbegin and nftgcseqend, where a mutex lock is incorrectly released too early, leading ...
kernel: nftables: nft_set_rbtree skip end interval element from gc
A flaw was found in the Linux kernel’s Netfilter subsystem. This issue occurs in the nftsetrbtree. rbtree lazy gc on insert, which might collect an end interval element just added in a transaction and skip the end interval elements not yet active...
kernel: nftables: nft_set_rbtree skip end interval element from gc
A flaw was found in the Linux kernel’s Netfilter subsystem. This issue occurs in the nftsetrbtree. rbtree lazy gc on insert, which might collect an end interval element just added in a transaction and skip the end interval elements not yet active...
kernel: af_unix: Fix garbage collector racing against connect()
A flaw was found in the Linux kernel, where the management of inter-process communication uses AFUNIX sockets. The issue arises from a race condition where a partially initialized socket with specific permissions carrying SCMRIGHTS is improperly handled during garbage collection. This situation...
kernel: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
A flaw was found in the Linux kernel’s Netfilter nftables module. The issue arises from improper mutex handling during the garbage collection GC process. The problem occurs between the critical functions nftgcseqbegin and nftgcseqend, where a mutex lock is incorrectly released too early, leading ...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java core and lite ( CVE-2022-3171).
Summary Protobuf-java core and lite are used by IBM Event Streams. The protobuf-java core library provides comprehensive functionality for working with Protocol Buffers, including advanced parsing and serialization, while the protobuf-java-lite library offers a performance-optimized version for...