106 matches found
SUSE CVE-2022-31015
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select. This will lead to the main thread raising an exception that is not handled and then causing t...
CVE-2023-25730
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
UBUNTU-CVE-2023-25730
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
GHSA-F5X9-8JWC-25RW Uncaught Exception (due to a data race) leads to process termination in Waitress
Impact Waitress may terminate early due to a thread closing a socket while the main thread is about to call select. This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. Patches This issue has been fixed in Waitress 2.1.2 ...
AZL-43513 CVE-2022-31015 affecting package python-waitress 1.4.4-7
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select. This will lead to the main thread raising an exception that is not handled and then causing t...
PYSEC-2022-205
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select. This will lead to the main thread raising an exception that is not handled and then causing t...
CVE-2022-31015 Uncaught Exception (due to a data race) leads to process termination in Waitress
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select. This will lead to the main thread raising an exception that is not handled and then causing t...
futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer
Affected versions of the crate used a UnsafeCell in thread-local storage to return a noop waker reference, assuming that the reference would never be returned from another thread. This resulted in a segmentation fault crash if Waker::wakebyref was called on a waker returned from another thread du...
The vulnerability of the qemu-seccomp.c component of the QEMU hardware emulator, related to the use of an incomplete black list, allows a hacker to trigger a service failure.
The vulnerability of the qemu-seccomp.c component of the QEMU hardware emulator lies in the use of the seccomp policy only for the main thread. Exploiting this vulnerability allows an attacker to cause a system failure...
Performance-testing the Google I/O site
I've been looking at the performance of F1 websites recently, but before I dig into the last couple of teams, I figured I'd look a little closer to home, and dig into the Google I/O website. 1. Part 1: Methodology & Alpha Tauri 2. Part 2: Alfa Romeo 3. Part 3: Red Bull 4. Part 4: Williams 5. Part...
DEBIAN-CVE-2019-11691
A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
Mozilla: Use-after-free in XMLHttpRequest
A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
Mozilla: Use-after-free in XMLHttpRequest
A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
UBUNTU-CVE-2019-11691
A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
Updated radvd packages fix security vulnerability
A flaw was found in radvd. In case of misconfiguration a race condition between privsep and main thread occurs. This leads to double-free and crashing of radvd rhbz1669297...
The vulnerability of the Firefox browser, which allows a remote attacker to execute arbitrary code or trigger a service denial-of-service attack.
The vulnerability of the Firefox browser in the OMTC component lies in the incorrect invocation of the memset function when interacting with the mozilla::layers::BufferTextureClient::AllocateForSurface function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or...
Mozilla Firefox Multiple Vulnerabilities-01 (Apr 2015) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox Off Main Thread Compositing (OMTC) implements arbitrary code execution vulnerability
Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. A denial of service vulnerability exists in Mozilla Firefox, which could be exploited by remote attackers to execute arbitrary code or launch denial of service attacks...
Memory corruption
The Off Main Thread Compositing OMTC implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code o...
CVE-2015-0806
The Off Main Thread Compositing OMTC implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code o...