10 matches found
JLSEC-2026-394
When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the...
Astra Linux – Vulnerability in Firefox, Thunderbird
When using Alt-Svc, ALPN failed to properly validate certificates when the original server was redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...
firefox: Alt-Svc ALPN validation failure when redirected
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...
CVE-2025-0239
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...
OESA-2023-1443 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called stat followed by fopen in a way that made it...
PT-2022-5939
Name of the Vulnerable Software and Affected Versions curl versions prior to 7.84.0 Description The issue is related to how curl saves cookies, alt-svc, and hsts data to local files. When curl performs this operation, it uses a temporary file that is later renamed to the final target filename...
DEBIAN-CVE-2021-29946
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Mozilla: Port blocking could be bypassed
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Mozilla: Port blocking could be bypassed
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
ALPINE-CVE-2018-1000168
nghttp2 version = 1.10.0 and nghttp2 = 1.31.1...