994 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
If the Content Security Policy blocks frame navigation, the full destination of a redirect served within the frame is reported in the violation report; instead of just the original frame URI. This could be used to disclose sensitive information contained in such URIs. This vulnerability affects...
Astra Linux – Vulnerability in Firefox
TypedArrays can be flawed, and they lack proper exception handling. This could lead to abuse in other APIs that expect TypedArrays to always succeed. This vulnerability affects Firefox versions less than 121...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 118. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 119...
Astra Linux – Vulnerability in Firefox and Thunderbird
Firefox was vulnerable to a heap buffer overflow in nsTextFragment due to insufficient OOM handling. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...
Astra Linux – Vulnerability in Firefox
The z-order of browser windows can be manipulated to hide the fullscreen notifications. This could potentially be used to carry out a spoofing attack. This vulnerability has been fixed in Firefox 135 and Thunderbird 135...
Astra Linux – Vulnerability in Firefox
Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1...
Astra Linux – Vulnerability in Firefox
When following a redirect to a publicly accessible web extension file, the URL may have been translated into the actual local path, potentially exposing sensitive information. This vulnerability affects Firefox versions earlier than 111...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141, and Thunderbird 141. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have...
Astra Linux – Vulnerability in Firefox
Passing invalid data could result in invalid Wasm values being created, such as arbitrary integers being converted into pointer values. This vulnerability affects Firefox versions less than 124...
Astra Linux – Vulnerability in Firefox
A malicious website might have included an iframe with a malformed URI, resulting in a non-exploitable browser crash. This vulnerability affects Firefox versions earlier than 126...
Astra Linux – Vulnerability in Firefox
When Firefox is configured to block the storage of all cookies, it is still possible to store data in localstorage by using an iframe with a source of ‘about:blank’. This could allow malicious websites to store tracking data without permission. This vulnerability affects Firefox versions earlier...
Astra Linux – Vulnerability in Firefox and Thunderbird
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution within the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...
Astra Linux – Vulnerability in Firefox
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 108. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects versio...
Astra Linux – Vulnerability in Firefox and Thunderbird
A website could have obscured the fullscreen notification by using a URL that was processed by an external program, such as a mailto URL. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbi...
Astra Linux – Vulnerability in Firefox
There was a potential “use-after-free” vulnerability in SVG images if the Refresh Driver was destroyed at an inappropriate time. This could lead to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering that it had inadvertentl...
Astra Linux – Vulnerability in Firefox
If an attacker needed a user to load an insecure http: page and knew that the user had enabled HTTPS-only mode, the attacker could trick the user into clicking to grant an HTTPS-only exception, provided they could get the user to participate in a clicking game. This vulnerability affects Firefox...
Astra Linux – Vulnerability in Firefox
A use-after-free could occur if a JavaScript realm was being initialized when a garbage collection started. This vulnerability affects Firefox versions earlier than 125...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 122. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects versions of Firefox prior to 123...
Astra Linux – Vulnerability in Firefox and Thunderbird
JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...
Astra Linux – Vulnerability in Firefox
The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however, it incorrectly did not sanitize the xlink:href attributes. This vulnerability affects Firefox versions earlier than 102...