23 matches found
Debian dla-4335 : firefox-esr - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4335 advisory. Debian LTS Advisory DLA-4335-1...
[SECURITY] [DLA 4172-1] firefox-esr security update
Debian LTS Advisory DLA-4172-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 20, 2025 https://wiki.debian.org/LTS...
Mozilla Firefox < 138.0.4
The version of Firefox installed on the remote Windows host is prior to 138.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-36 advisory. - An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...
PT-2025-14105
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 137; Firefox ESR versions prior to 128.9; Thunderbird versions prior to 137; Thunderbird ESR versions prior to 128.9. Description: Memory safety bugs are present, showing evidence of memory corruption. It is presumed that...
MGASA-2025-0009 Updated firefox packages fix security vulnerabilities
WebChannel APIs susceptible to confused deputy attack (CVE-2025-0237). Use-after-free when breaking lines in text (CVE-2025-0238). Alt-Svc ALPN validation failure when redirected (CVE-2025-0239). Compartment mismatch when parsing JavaScript JSON module (CVE-2025-0240). Memory corruption when using...
Mozilla Firefox SEoL (53.x)
According to its version, the Mozilla Firefox version installed on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may conta...
MGASA-2022-0013 Updated nss and firefox packages fix security vulnerabilities
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox (CVE-2021-4140). Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable cra...
SUSE: Security Advisory (SUSE-SU-2013:0850-1)
The remote host is missing an update for the...
MGASA-2021-0199 Updated firefox packages fix security vulnerabilities
More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine (CVE-2021-23961). Out of...
MGASA-2021-0163 Updated firefox packages fix security vulnerabilities
Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981). Angle graphics library out of date (CVE-2021-4127). Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982). Malicious extensions could have spoofed popup information...
MGASA-2020-0427 Updated firefox and nss packages fix security vulnerabilities
When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel...
MGASA-2020-0377 Updated firefox packages fix security vulnerabilities
Mozilla developer Jason Kratzer reported memory safety bugs present in Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2020-15673). Firefox sometimes ran the onload...
MGASA-2020-0208 Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash (CVE-2020-6831). A race condition when running shutdown code for Web Worker led to a...
MGASA-2020-0163 Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive da...
MGASA-2020-0141 Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk...
Mozilla Firefox ESR < 24.6 Multiple Vulnerabilities
MGASA-2018-0099 Updated firefox packages fix security vulnerabilities
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096,...
MGASA-2018-0097 Updated firefox packages fix security vulnerabilities
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096,...
MGASA-2017-0178 Updated firefox packages fix security vulnerabilities
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751,...
MGASA-2016-0105 Updated firefox packages fix security vulnerabilities
Updated nss and firefox packages fix security vulnerabilities: Security researcher SkyLined reported a use-after-free issue in how audio is handled through the Web Audio API during MediaStream playback through interactions with the Web Audio API. This results in a potentially exploitable crash...