Stable Channel Update for Desktop

The stable channel has been updated to 72.0.3626.121 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...

Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV

Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV function eventhandler1 CollectGarbage; function eventhandler5 try /FileReader/ var var00063 = new FileReader; catcherr //line 68 try /Blob/ var var00064 = new Blob; catcherr //line 69 try...

Fedora 22 : php (2016-65f1ffdc0c)

26 May 2016, PHP 5.6.22 Core: - Fixed bug 72172 zendhexstrtod should not use strlen. bwitz at hotmail dot com - Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. Stas - Fixed bug 72135 Integer Overflow in phphtmlentities. Stas GD: - Fixed bug 72227 imagescale out-of-bounds...

CVE-2016-1963

The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service memory corruption by changing a file during a FileReader API read operation...

CVE-2016-1963

CVE-2016-1963: In Mozilla Firefox, the FileReader API can be abused to memory-corrupt the process by changing a file during a FileReader read operation, allowing a local attacker to gain privileges or cause a denial of service. Affected are Firefox versions prior to 45.0; remediation is to upgrad...

FreeBSD : mozilla -- multiple vulnerabilities (2225c5b4-1e5a-44fc-9920-b3201c384a15)

Mozilla Foundation reports : MFSA 2016-16 Miscellaneous memory safety hazards rv:45.0 / rv:38.7 MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages MFSA 2016-19 Linux video...