Important: thunderbird

Issue Overview: Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird...

CVE-2024-45389 Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS)

Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...

SUSE-SU-2024:3112-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 115.14 fixed: When using an external installation of GnuPG, Thunderbird occassionally sent/received corrupted messages fixed: Users of external GnuPG were unable to decrypt incorrectly encoded messages bmo1906903...

DEBIAN-CVE-2024-8385

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2...

UBUNTU-CVE-2024-8385

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2...

Mozilla Firefox和Mozilla Firefox ESR 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products that ...

The vulnerability in the WebAssembly component of Mozilla Firefox, Mozilla Firefox ESR, and the Mozilla Thunderbird email client allows a hacker to execute arbitrary code.

The vulnerability in the WebAssembly component of Mozilla Firefox, Mozilla Firefox ESR, and the Mozilla Thunderbird email client allows a hacker to execute arbitrary code...

Mozilla Firefox Security Update (MFSA2024-33) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

CWA-2023-004: Excessive number of function parameters in compiled Wasm

A specifically crafted Wasm file can cause the VM to consume excessive amounts of memory when compiling a contract. This can lead to high memory usage, slowdowns, potentially a crash and can poison a lock in the VM, preventing any further interaction with contracts. For more information, see...

PT-2024-40919 · Cosmwasm · Cosmwasm

Name of the Vulnerable Software and Affected Versions: CosmWasm affected versions not specified Description: A specifically crafted Wasm file can cause the VM to consume excessive amounts of memory when compiling a contract, leading to high memory usage, slowdowns, potentially a crash, and can...

SUSE SLED15: MozillaFirefox / MozillaFirefox-branding-SLE / etc (SUSE-SU-2024:3003-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3003-1 advisory. Update to Firefox Extended Support Release 128.1.0 ESR MFSA 2024-35, bsc1228648 - CVE-2024-7518:...

SUSE-SU-2024:3003-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.1.0 ESR MFSA 2024-35, bsc1228648 - CVE-2024-7518: Fullscreen notification dialog can be obscured by document - CVE-2024-7519: Out of bounds memory access in graphics shared memory handling -...

Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Typ...

USN-6966-2: Firefox regressions

USN-6966-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...

USN-6966-2 firefox regressions

USN-6966-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...

Ubuntu: Security Advisory (USN-6966-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6966-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-7518, CVE-2024-7521,...

USN-6966-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-7518, CVE-2024-7521,...

mozilla: Type confusion in WebAssembly

The Mozilla Foundation Security Advisory describes this flaw as: A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution...

mozilla: Incomplete WebAssembly exception handing

The Mozilla Foundation Security Advisory describes this flaw as: Incomplete WebAssembly exception handing could have led to a use-after-free...