Security fix for the ALT Linux 10 package firefox-esr version 68.8.0-alt1

May 5, 2020 Andrey Cherepanov 68.8.0-alt1 - New ESR version 68.8.0. - Fixes: + CVE-2020-12387 Use-after-free during worker shutdown + CVE-2020-12388 Sandbox escape with improperly guarded Access Tokens + CVE-2020-12389 Sandbox escape with improperly separated process types + CVE-2020-6831 Buffer...

Security Vulnerabilities fixed in Firefox ESR 68.8 — Mozilla

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.Note: this issue only affects Firef...

Security Vulnerabilities fixed in Thunderbird 68.8.0 — Mozilla

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. A...

Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4335-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an...

USN-4335-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2020:0540-1 Rating: important References: 1167465 1168421 1168911 Cross-References: CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437...

chromium-browser: Use after free in devtools

Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

openSUSE: Security Advisory for chromium (openSUSE-SU-2020:0519-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : chromium (openSUSE-2020-519)

This update for chromium fixes the following issues : Chromium was updated to 81.0.4044.92 boo1168911 : - CVE-2020-6454: Use after free in extensions - CVE-2020-6423: Use after free in audio - CVE-2020-6455: Out of bounds read in WebSQL - CVE-2020-6430: Type Confusion in V8 - CVE-2020-6456:...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2020:0519-1 Rating: important References: 1167465 1168421 1168911 Cross-References: CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437...

CVE-2020-6447

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2020-6447

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2020-6434

Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2020-6443

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page...

UBUNTU-CVE-2020-6434

Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2020-6447

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page...

CVE-2020-6443

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page...

CVE-2020-6434

Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2020-6434

CVE-2020-6434 is a use-after-free vulnerability in the Chrome/Chromium DevTools component, reported to affect Chromium before version 81.0.4044.92. The connected advisories attribute an arbitrary code execution impact to this issue, with upstream fixes released in the 81.0.4044.92 timeframe. Reme...

CVE-2020-6447

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page...