OESA-2025-2095 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.

...

An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127.

...

CVE-2025-9864

Rejected reason: This CVE ID was assigned in error to a vulnerability that was both introduced and fixed before the code landed in the Stable channel of Chrome, and has been withdrawn...

CVE-2025-9864

Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2025-9864

Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2025-9864

...

CVE-2025-9864

...

CVE-2025-9864

CVE-2025-9864 is rejected/not used; this entry does not represent an active vulnerability.

CVE-2025-9864

Removed by vendor...

Linux Distros Unpatched Vulnerability : CVE-2014-1721

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of...

Linux Distros Unpatched Vulnerability : CVE-2014-1729

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service...

Linux Distros Unpatched Vulnerability : CVE-2012-5120

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or...

Google Chrome < 140.0.7339.80 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 140.0.7339.80. It is, therefore, affected by multiple vulnerabilities as referenced in the 202509stable-channel-update-for-desktop advisory. - Use after free in V8. CVE-2025-9864 - Inappropriate implementation in Toolba...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 6 security fixes: 434513380 High CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team on 2025-07-28 437147699 Medium CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani on 2025-08-07...

Fedora 42 : cef (2025-b7cb89ddd3)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b7cb89ddd3 advisory. - CVE-2025-8010: Type Confusion in V8 - CVE-2025-8011: Type Confusion in V8 - CVE-2025-8576: Use after free in Extensions - CVE-2025-8578: Use after...

Linux Distros Unpatched Vulnerability : CVE-2022-30975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex MuJS through 1.2.0, jsPdumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. CVE-2022-30975 Note that Nessus relies on t...

thunderbird: firefox: Uninitialized memory in the JavaScript Engine component

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the JavaScript Engine component...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Updated to Mozilla Thunderbird 140.2 MFSA 2025-72 bsc1248162: CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component...