9459 matches found
Oracle Linux 6 : firefox (ELSA-2019-3281)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-3281 advisory. - Added fix for mozbz1348168/CVE-2017-5428 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
CVE-2023-29198 Context isolation bypass via nested unserializable return value in Electron
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...
GHSA-P7V2-P9M8-QQG7 Electron context isolation bypass via nested unserializable return value
Impact Apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Workarounds This issue is exploitable under eithe...
AlmaLinux 8 : firefox (ALSA-2023:4952)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:4952 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...
Debian DSA-5488-1 : thunderbird - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5488 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable...
AlmaLinux 9 : firefox (ALSA-2023:4958)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4958 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...
Debian DSA-5485-1 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5485 advisory. - When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially...
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
Mozilla: Memory corruption in IPC ColorPickerShownCallback
The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could...
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
Mozilla: Memory corruption in IPC CanvasTranslator
The Mozilla Foundation Security Advisory describes this flaw as: When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash...
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
Mozilla: Memory corruption in IPC CanvasTranslator
The Mozilla Foundation Security Advisory describes this flaw as: When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash...
Mozilla: Memory corruption in IPC ColorPickerShownCallback
The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could...
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
Mozilla: Memory corruption in IPC CanvasTranslator
The Mozilla Foundation Security Advisory describes this flaw as: When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash...
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...