498 matches found
CVE-2022-28281
The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...
SUSE-RU-2022:1114-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR bsc1197903: MFSA 2022-14 bsc1197903 CVE-2022-1097: Fixed memory safety violations that could occur when PKCS11 tokens are removed while in use CVE-2022-28281: Fixed an out of bounds write due to...
CVE-2022-28281
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...
UBUNTU-CVE-2022-28281
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...
Mozilla Firefox 缓冲区错误漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation, U.S. A buffer overflow vulnerability exists in Mozilla Firefox, which stems from an unexpected WebAuthN extension that causes out-of-bounds memory writes. An unauthenticated attacker could exploit the vulnerability to...
Security Vulnerabilities fixed in Firefox ESR 91.8 — Mozilla
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the...
Security Vulnerabilities fixed in Thunderbird 91.8 — Mozilla
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the...
KLA12497 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Out of bounds memory read vulnerability in JIT Codegen Extensions...
FIDO: Here’s Another Knife to Help Murder Passwords
We all hate passwords, but none of us want to make logging into our accounts a hassle with extra time, steps and devices. That’s why the Fast Identity Online Alliance FIDO published a white paper PDF on Thursday, outlining different use cases for the adoption of their FIDO2 set of specifications...
CVE-2022-27240
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...
CVE-2022-27240
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...
DEBIAN-CVE-2022-27240
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...
CVE-2022-27240
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...
CVE-2022-27240
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...
Buffer overflow
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...
UBUNTU-CVE-2022-27240
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...
CVE-2022-27240
CVE-2022-27240 concerns Glewlwyd SSO server 2.x before 2.6.2, where a buffer overflow in the WebAuthn support (scheme/webauthn.c) is associated with a WebAuthn assertion. The Red Hat and related advisories confirm the same description. No exploit details are provided in the connected documents. T...
CVE-2022-27240
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...
CVE-2022-27240
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion...
Glewlwyd SSO server 安全漏洞
Glewlwyd SSO server is a single sign-on SSO server for multi-factor authentication for OAuth2 and OpenID Connect authentication. A security vulnerability exists in babelouest Glewlwyd SSO server versions 2.x through 2.6.2, which stems from a buffer overflow in the scheme/webauthn.c file in the...