Astra Linux - уязвимость в firefox

Mozilla developers reported memory safety bugs in Firefox 88. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 89...

Astra Linux - уязвимость в firefox

Mozilla developers and community members reported memory safety bugs in Firefox 90. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects versions of...

Linux Distros Unpatched Vulnerability : CVE-2021-29975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of anothe...

CVE-2022-22736

If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default. This bug only affects Firefox for Windows in a non-default installatio...

CVE-2021-29972

A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox 90...

CVE-2021-43530

A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 94...

SUSE CVE-2021-29959

When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This...

SUSE CVE-2021-29972

A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox 90...

SUSE CVE-2021-29977

Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 90...

SUSE CVE-2021-29985

A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

SUSE CVE-2021-38499

Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 93...

SUSE CVE-2021-43544

When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are...

SUSE CVE-2022-0843

Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabilit...

SUSE CVE-2022-22737

Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

SUSE CVE-2022-28283

The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox 99...

DEBIAN-CVE-2022-31747

Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...

UBUNTU-CVE-2022-29914

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

UBUNTU-CVE-2022-22755

By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox 97...

DEBIAN-CVE-2021-38504

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

CVE-2021-29993

Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 92...