EUVD-2015-2833

Malware in sbrugna...

OESA-2025-1235 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

BIT-NODE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVE-2025-23090

Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083...

AZL-55922 CVE-2025-23083 affecting package nodejs for versions less than 20.14.0-4

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

ALPINE-CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

DEBIAN-CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

UBUNTU-CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

UBUNTU-CVE-2025-23090

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVE-2025-23090

CVE-2025-23090 is withdrawn as a duplicate of CVE-2025-23083. Connected records confirm CVE-2025-23083 affects Node.js packages for versions before 20.14.0-4, with patches available in advisory channels (nodejs20). These sources describe the same underlying issue and provide remediation guidance ...

Ubuntu 12.04 LTS : firefox vulnerabilities (USN-2656-2) (Logjam)

USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases. This update provides the corresponding update for Ubuntu 12.04 LTS. Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to...

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2656-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2656-1 advisory. Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a...

CVE-2015-2743

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass...

CVE-2015-2743

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass...

UBUNTU-CVE-2015-2743

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass...

Mozilla: Privilege escalation through internal workers (MFSA 2015-69)

A flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined with another vulnerability, it could allow execution of arbitrary code with the privileges of the user running Firefox...

Privilege escalation through internal workers — Mozilla

Mozilla community member Jonas Jenwald reported broken behavior in Mozilla's PDF.js PDF file viewer which led to the discovery that internal Workers were incorrectly executed with high privilege. If this flaw were combined with a separate vulnerability allowing for same-origin policy violation, i...