firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the DOM: Core & HTML component...

ROS-20260622-73-0021

The vulnerability in Thunderbird is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service failures...

ROS-20260622-73-0006

The vulnerability in Thunderbird is related to the use of an uninitialized resource. Exploiting this vulnerability can allow an attacker to cause a service failure...

ROS-20260622-73-0005

The vulnerability in Thunderbird relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Astra Linux – Vulnerability in Firefox and Thunderbird

When segmenting specially crafted text, segmentation may corrupt memory, leading to a potentially exploitable crash. This vulnerability has been fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

Astra Linux – Vulnerability in Firefox, Thunderbird

Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 100 and Firefox ESR 91.9. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited t...

Astra Linux – Vulnerability in Firefox and Thunderbird

If an AlignedBuffer is assigned to itself, the subsequent self-move operation may lead to an incorrect reference count, potentially causing a use-after-free issue. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

Astra Linux – Vulnerability in Firefox

A process isolation vulnerability in Thunderbird stems from improper handling of JavaScript URIs. This issue could allow content to execute in the process of the top-level document, rather than in the intended frame, potentially enabling a sandbox escape. This vulnerability has been fixed in...

Astra Linux – Vulnerability in Firefox, Thunderbird

When installing an add-on, Firefox verifies the signature before prompting the user. However, while the user is confirming the prompt, the underlying add-on file could be modified without being detected by Firefox. This vulnerability affects Firefox versions earlier than 98, Firefox ESR versions...

Astra Linux – Vulnerability in Thunderbird, Firefox

Memory safety bugs exist in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute...

Astra Linux – Vulnerability in Thunderbird, Firefox

The length of the certificate was not properly checked when it was added to the certificate store. In practice, only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

Astra Linux – Vulnerability in Thunderbird, Firefox

It was possible to interrupt the processing of a RegExp bailout and execute additional JavaScript code, potentially triggering garbage collection when the engine did not expect it. This vulnerability has been fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

Astra Linux – Vulnerability in Firefox and Thunderbird

Memory safety bugs exist in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox...

Astra Linux – Vulnerability in Thunderbird

When receiving an HTML email that instructed to load an iframe element from a remote location, a request was sent to the remote document. However, Thunderbird did not display the document. This vulnerability affects Thunderbird versions 102.2.1 and Thunderbird 91.13.1...

Astra Linux – Vulnerability in Firefox

Multiple NSS NIST curves were vulnerable to a side-channel attack known as “Minerva”. This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox versions less than 121...

Astra Linux – Vulnerability in Thunderbird

Ribose RNP before version 0.16.3 may hang when the input is malformed...

Astra Linux – Vulnerability in Firefox and Thunderbird

Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2...

Astra Linux – Vulnerability in Thunderbird

A use-after-free in WebGL extensions could lead to a potentially exploitable crash. This vulnerability affects Firefox 107, Firefox ESR 102.6, and Thunderbird 102.6...

Astra Linux – Vulnerability in Firefox, Thunderbird

By sending a specially crafted push message, a remote server could have terminated the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...

Astra Linux – Vulnerability in Firefox and Thunderbird

The JavaScript garbage collector might incorrectly color cross-compartment objects if OOM conditions are detected at the right time between two passes. This could lead to memory corruption. This vulnerability affects Firefox 130, Firefox ESR 128.2, Firefox ESR 115.15, Thunderbird 128.2, and...