26 matches found
CVE-2026-47210
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This sandbox escape vulnerability allows an attacker to execute arbitrary code in the host process. This occurs when untrusted code is executed with asynchronous (async) support on runtimes that expose WebAssembly...
CVE-2026-47210 vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (`WebAssembly.promising` / `WebAssembly.Suspending`)...
vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
Summary: A sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (`WebAssembly.promising` / `WebAssembly.Suspending`). In the tested configuration, a JSPI-backed Promise can reach...
TencentOS Server 3: firefox (TSSA-2025:0461)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0461 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free in the `js_std_promise_rejection_check` function when iterating over the `rejected_promise_list`. An attacker can achieve arbitrary code execution or cause a crash by supplying a malicious Error object with a custom property getter...
EUVD-2025-15599
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-4918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR...
Astra Linux – Vulnerability in Firefox, Thunderbird
An attacker was able to perform out-of-bounds read or write operations on a JavaScript Promise object. This vulnerability has been fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...
The vulnerability of the JavaScript “Promise” object in browsers such as Mozilla Firefox and Firefox ESR allows a perpetrator to execute arbitrary code.
The vulnerability of the JavaScript “Promise” object in Mozilla Firefox and Firefox ESR browsers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...
firefox: thunderbird: Out-of-bounds access when resolving Promise objects
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object...
OESA-2025-1548 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability affects Firefox 138.0.4, Firefox ESR 128.10.1, Firefox E...
OESA-2025-1547 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability affects Firefox 138.0.4, Firefox ESR 128.10.1, Firefox E...
OESA-2025-1545 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability affects Firefox 138.0.4, Firefox ESR 128.10.1, Firefox E...
CVE-2025-4918
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object...
Security Vulnerabilities fixed in Thunderbird 138.0.2 — Mozilla
An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...
CVE-2025-4920
Rejected reason: Duplicate of CVE-2025-4918...
DEBIAN-CVE-2025-4918
An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...