23 matches found
vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
Summary: A sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (`WebAssembly.promising` / `WebAssembly.Suspending`). In the tested configuration, a JSPI-backed Promise can reach...
Astra Linux - vulnerability in firefox, thunderbird
An attacker was able to perform out-of-bounds read or write operations on a JavaScript Promise object. This vulnerability has been fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...
TencentOS Server 3: firefox (TSSA-2025:0461)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0461 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free in the jsstdpromiserejectioncheck function when iterating over the rejectedpromiselist. An attacker can achieve arbitrary code execution or cause a crash by supplying a malicious Error object with a custom property getter...
EUVD-2025-15599
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-4918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR...
firefox: thunderbird: Out-of-bounds access when resolving Promise objects
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object...
firefox: thunderbird: Out-of-bounds access when resolving Promise objects
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object...
firefox: thunderbird: Out-of-bounds access when resolving Promise objects
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object...
firefox: thunderbird: Out-of-bounds access when resolving Promise objects
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object...
OESA-2025-1548 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability affects Firefox 138.0.4, Firefox ESR 128.10.1, Firefox E...
OESA-2025-1547 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability affects Firefox 138.0.4, Firefox ESR 128.10.1, Firefox E...
OESA-2025-1545 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability affects Firefox 138.0.4, Firefox ESR 128.10.1, Firefox E...
CVE-2025-4918
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object...
Security Vulnerabilities fixed in Thunderbird 138.0.2 — Mozilla
An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...
CVE-2025-4920
Rejected reason: Duplicate of CVE-2025-4918...
CVE-2025-4918
An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability affects Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...
DEBIAN-CVE-2025-4918
An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...
CVE-2025-4920
...
PT-2025-21810 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 138.0.4; Firefox ESR versions prior to 128.10.1. Description: The issue allows an attacker to perform an out-of-bounds read or write on a JavaScript Promise object. Recommendations: For Firefox versions prior to 138.0....