31 matches found
Security Vulnerabilities fixed in Thunderbird 78 — Mozilla
When %2F was present in a manifest URL, Thunderbird's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. A VideoStreamEncoder may have been freed in a race...
Design/Logic Flaw
Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...
CVE-2020-12425
Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...
CVE-2020-12425
CVE-2020-12425 affects Firefox: a one-byte out-of-bounds read in Date.parse() due to hyphen processing could disclose information. Affected product line is Firefox before version 78. Several connected advisories confirm this issue alongside other CVEs and show that fixes were included in subseque...
CVE-2020-12425
Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...
CVE-2020-12425
Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...
Security Vulnerabilities fixed in Firefox 78 — Mozilla
When %2F was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. A VideoStreamEncoder may have been freed in a race...
Design/Logic Flaw
Certain input strings when passed to new Date or Date.parse in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header...
CVE-2015-9242
Certain input strings when passed to new Date or Date.parse in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header...
CVE-2015-9242
CVE-2015-9242 concerns the ecstatic Node.js module. The vulnerability affects versions before 1.4.0 and is triggered when certain input strings are passed via the Last-Modified or If-Modified-Since headers, causing v8 to crash and enabling a denial-of-service condition on the server. The issue st...
Denial of Service
Overview Versions of ecstatic prior to 1.4.0 are affected by a denial of service vulnerability when certain input strings are sent via the Last-Modified or If-Modified-Since headers. Parsing certain inputs with new Date or Date.parse cases v8 to crash. As ecstatic passes the value of the affected...