Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-061 (ALASFIREFOX-2026-061)

The version of firefox installed on the remote host is prior to 140.11.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-061 advisory. Three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming...

PT-2025-40880

Name of the Vulnerable Software and Affected Versions versions prior to 8.0 Description A crafted animation can trigger a use-after-free write during SANM decoding. This occurs when a STOR chunk is followed by an FOBJ chunk, and the frame has an invalid size. The code attempts to decode a frame...