71 matches found
MGASA-2021-0027 Updated thunderbird packages fix a security vulnerability
Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk. CVE-2020-16044 See upstream releasenotes for other changes...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:0072-1)
This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 78.6.1 ESR - Fixed: Critical security issue MFSA 2021-01 bsc1180623 - CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Note that Tenable Network Security has extracted...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
Critical: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Critical: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2021:0053)
The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:0053-1 advisory. - Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk CVE-2020-16044 Note that Nessus has not tested for this issue but has...
Security Vulnerabilities fixed in Thunderbird 78.6.1 — Mozilla
A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code...
Serious vulnerability fixed in Mozilla Firefox
A serious vulnerability has been fixed in Mozilla Firefox. A malicious party, by modifying a COOKIE-ECHO chunk in an SCTP package potentially cause a use-after-free. Mozilla indicates that it is likely, with enough effort, that this vulnerability could lead to the execution of arbitrary code...
Mozilla Firefox < 84.0.2
The version of Firefox installed on the remote Windows host is prior to 84.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-01 advisory. - A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a...
Mozilla Firefox < 84.0.2
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 84.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-01 advisory. - A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a...
kernel: sctp: sk_ack_backlog wrap-around problem
An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation processed certain COOKIEECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP...
kernel: sctp: sk_ack_backlog wrap-around problem
An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation processed certain COOKIEECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP...
kernel: sctp: sk_ack_backlog wrap-around problem
An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation processed certain COOKIEECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP...
kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
A flaw was found in the way the Linux kernel processed an authenticated COOKIEECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on th...