CVE-2022-40960

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

CVE-2022-46882

A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox 107, Firefox ESR 102.6, and Thunderbird 102.6...

CVE-2022-46881

An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106...

CVE-2022-45406

If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5,...

CVE-2022-4632

A vulnerability has been found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.3.1 is able to address this issue...

CVE-2022-46423

An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM Man-in-the-Middle attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service...

Design/Logic Flaw

An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM Man-in-the-Middle attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service...

Updated firefox packages fix security vulnerability

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...

Oracle Linux 8 : ELSA-2022-9067-1: / firefox (ELSA-2022-90671)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-90671 advisory. 102.6.0-1.0.1 - Updated homepages to use https Orabug: 34648274 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the...

Oracle Linux 9 : ELSA-2022-9065-1: / firefox (ELSA-2022-90651)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-90651 advisory. 102.6.0-1.0.1 - Updated homepages to use https Orabug: 34648274 102.6.0-1 - Update to 102.6.0 build1 102.5.0-2 - Added libwebrtc screencast patch for...

Mozilla: Use-after-free in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: A missing check related to tex units could have led to a use-after-free and potentially exploitable crash...

Mozilla: Memory corruption in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash...

Mozilla: Use-after-free in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free in WebGL extensions could have led to a potentially exploitable crash...

Mozilla: Memory corruption in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash...

Mozilla: Use-after-free in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free in WebGL extensions could have led to a potentially exploitable crash...

Mozilla: Memory corruption in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash...

Mozilla: Use-after-free in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free in WebGL extensions could have led to a potentially exploitable crash...

Mozilla: Use-after-free in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: A missing check related to tex units could have led to a use-after-free and potentially exploitable crash...

Mozilla: Use-after-free in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: A missing check related to tex units could have led to a use-after-free and potentially exploitable crash...

Mozilla: Memory corruption in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash...