firefox: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some ...

firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...

Astra Linux - уязвимость в firefox, thunderbird

Bypass of the same-origin policy in the Layout component. This vulnerability has been fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

Astra Linux - уязвимость в firefox, thunderbird

The Enhanced Tracking Protection’s Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS attacks through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames disguised as legitimate content. This...

Astra Linux - уязвимость в firefox, thunderbird

In some cases, video frames may have been leaked between their origins. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

Astra Linux - уязвимость в firefox

The Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user’s browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability...

Astra Linux - уязвимость в firefox, thunderbird

A website configured to initiate a specially crafted WebTransport session could cause the Firefox process to crash, resulting in a denial-of-service condition. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...

Astra Linux - уязвимость в firefox, thunderbird

An attacker could have placed a datalist element to obscure the address bar. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

Astra Linux - уязвимость в thunderbird, firefox

Memory safety bugs exist in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute...

Astra Linux - уязвимость в firefox, thunderbird

When receiving rendering data via IPC mStream, it might have been destroyed during initialization, which could lead to a use-after-free condition and potentially cause a crash. This vulnerability affects Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2...

Astra Linux - уязвимость в firefox, thunderbird

Drivers are not always robust against extremely large draw calls, and in some cases, this scenario could lead to crashes. This vulnerability affects Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1...

Astra Linux - уязвимость в thunderbird

A use-after-free in WebGL extensions could lead to a potentially exploitable crash. This vulnerability affects Firefox 107, Firefox ESR 102.6, and Thunderbird 102.6...

Astra Linux - уязвимость в firefox

A process isolation vulnerability in Thunderbird stems from improper handling of JavaScript URIs. This issue could allow content to execute in the process of the top-level document, rather than in the intended frame, potentially enabling a sandbox escape. This vulnerability has been fixed in...

Astra Linux - уязвимость в thunderbird, firefox

A race condition during delazification could have led to a use-after-free vulnerability. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

Astra Linux - уязвимость в thunderbird, firefox

On 64-bit CPUs, when the JIT compiler compiles WASM i32 return values, it may pick up bits from remaining memory. This could potentially lead to these values being treated as a different type. This vulnerability has been fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136...

Astra Linux - уязвимость в firefox, thunderbird

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

Astra Linux - уязвимость в thunderbird, firefox

An attacker could have exploited a use-after-free issue through the Custom Highlight API, resulting in a potentially exploitable crash. This vulnerability has been fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

Astra Linux - уязвимость в firefox

The MediaError message property should be consistent to avoid revealing information about cross-origin resources. However, for a cross-origin resource within the same site, this message might reveal information that could be used to carry out XS-Leaks attacks. This vulnerability affects Firefox...

Astra Linux - уязвимость в firefox, thunderbird

An attacker was able to cause memory corruption in the GMP process, which handles encrypted media. This process is also highly sandboxed, but it operates with slightly different privileges compared to the content process. This vulnerability has been fixed in Firefox 142, Firefox ESR 115.27, Firef...

Astra Linux - уязвимость в firefox, thunderbird

Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...