
4151 matches found

RedHat Linux
added 2021/01/11 10:30 a.m. | 66 views

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 8.8 | AI score 7.3 | EPSS 0.01283
Exploits: 0 | References: 2

RedHat Linux
added 2021/01/11 9:58 a.m. | 0 views

Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

CVSS 8.8 | AI score 7.4 | EPSS 0.01283
Exploits: 0 | References: 5

Mozilla
added 2021/01/11 12:00 a.m. | 461 views

Security Vulnerabilities fixed in Thunderbird 78.6.1 — Mozilla

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code...

CVSS 8.8 | AI score 2.8 | EPSS 0.01283
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2021/01/11 12:00 a.m. | 21 views

Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2021:0053)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:0053-1 advisory. - Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk CVE-2020-16044 Note that Nessus has not tested for this issue but has...

CVSS 8.8 | AI score 8.4 | EPSS 0.01283
Exploits: 0 | References: 2

NCSC
added 2021/01/06 12:00 a.m. | 1 view

Serious vulnerability fixed in Mozilla Firefox

A serious vulnerability has been fixed in Mozilla Firefox. A malicious party could, by modifying a COOKIE-ECHO chunk in an SCTP package, potentially cause a use-after-free. Mozilla indicates that it is likely, with enough effort, that this vulnerability could lead to the execution of arbitrary code...

CVSS 8.8 | AI score 6.8 | EPSS 0.01283
Exploits: 0

Tenable Nessus
added 2021/01/06 12:00 a.m. | 27 views

Mozilla Firefox < 84.0.2

The version of Firefox installed on the remote Windows host is prior to 84.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-01 advisory. - A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a...

CVSS 8.8 | AI score 8.6 | EPSS 0.01283
Exploits: 0 | References: 2

Tenable Nessus
added 2021/01/06 12:00 a.m. | 42 views

Mozilla Firefox < 84.0.2

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 84.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-01 advisory. - A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a...

CVSS 8.8 | AI score 8.6 | EPSS 0.01283
Exploits: 0 | References: 2

OSV
added 2020/12/11 11:15 p.m. | 1 view

CVE-2020-25112

An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet...

CVSS 9.8 | AI score 7.4 | EPSS 0.26827
Exploits: 0 | References: 2

OSV
added 2020/12/11 11:15 p.m. | 1 view

CVE-2020-25111

An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet...

CVSS 9.8 | AI score 7.6 | EPSS 0.20073
Exploits: 0 | References: 2

NVD
added 2020/12/11 11:15 p.m. | 12 views

CVE-2020-17443

An issue was discovered in picoTCP 1.7.0. The code for creating ICMPv6 echo replies doesn't check whether the ICMPv6 echo request packet's size is shorter than 8 bytes. If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the size of the ICMPv6...

CVSS 7.5 | AI score 8.3 | EPSS 0.02798
Exploits: 0 | References: 2

OSV
added 2020/12/11 11:15 p.m. | 15 views

CVE-2020-17443

An issue was discovered in picoTCP 1.7.0. The code for creating ICMPv6 echo replies doesn't check whether the ICMPv6 echo request packet's size is shorter than 8 bytes. If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the size of the ICMPv6...

CVSS 7.5 | AI score 7.3
Exploits: 0 | References: 2

Prion
added 2020/12/11 11:15 p.m. | 13 views

Integer overflow

An issue was discovered in picoTCP 1.7.0. The code for creating ICMPv6 echo replies doesn't check whether the ICMPv6 echo request packet's size is shorter than 8 bytes. If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the size of the ICMPv6...

CVSS 5 | AI score 8.8 | EPSS 0.02798
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2020/12/11 11:15 p.m. | 25 views

Remote code execution

An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet...

CVSS 7.5 | AI score 9.5 | EPSS 0.20073
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2020/12/08 12:00 a.m. | 4 views

Contiki buffer error vulnerability

Contiki is an open source, highly portable, networked multitasking operating system for memory-constrained systems. A denial of service and remote code execution vulnerability exists in the IPv6 stack in Contiki 3.0 and earlier versions. The vulnerability stems from insufficient checking of the...

CVSS 9.8 | AI score 8 | EPSS 0.20073
Exploits: 0 | References: 4

CNNVD
added 2020/12/08 12:00 a.m. | 4 views

uIP-Contiki-OS buffer error vulnerability

Contiki is an open source, highly portable, networked multitasking operating system for memory-constrained systems. A denial of service and remote code execution vulnerability exists in the IPv6 stack in Contiki 3.0 and earlier versions. The vulnerability stems from inconsistent checking of the...

CVSS 9.8 | AI score 7.9 | EPSS 0.26827
Exploits: 0 | References: 4

RedHat Linux
added 2020/11/04 1:34 a.m. | 1 view

QEMU: slirp: networking out-of-bounds read information disclosure vulnerability

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory,...

CVSS 6.5 | AI score 7.1 | EPSS 0.0051
Exploits: 0 | References: 5

OpenVAS
added 2020/10/06 12:00 a.m. | 24 views

Fedora: Security Advisory for mumble (FEDORA-2020-8372f6bae4)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.6 | EPSS 0.0293
Exploits: 1 | References: 2

Fedora
added 2020/10/05 5:33 p.m. | 32 views

[SECURITY] Fedora 32 Update: mumble-1.3.2-1.fc32

Mumble provides low-latency, high-quality voice communication for gamers. It includes game linking, so voice from other players comes from the direction of their characters, and has echo cancellation so that the sound from your loudspeakers won't be audible to other players...

CVSS 7.5 | AI score 3.4 | EPSS 0.0293
Exploits: 1

Fedora
added 2020/10/03 1:54 a.m. | 27 views

[SECURITY] Fedora 31 Update: mumble-1.3.2-1.fc31

Mumble provides low-latency, high-quality voice communication for gamers. It includes game linking, so voice from other players comes from the direction of their characters, and has echo cancellation so that the sound from your loudspeakers won't be audible to other players...

CVSS 7.5 | AI score 3.4 | EPSS 0.0293
Exploits: 1

OpenVAS
added 2020/10/03 12:00 a.m. | 18 views

Fedora: Security Advisory for mumble (FEDORA-2020-ca26a3f832)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.6 | EPSS 0.0293
Exploits: 1 | References: 2