Mozilla Firefox 缓冲区错误漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained a buffer error vulnerability, which was caused by a boundary condition error in the JavaScript Engine’s JIT component...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained a security vulnerability, which was caused by a compilation error in the JavaScript Engine’s JIT component...

PT-2026-40023

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150.0.3 Description An issue exists within the JavaScript Engine component...

PT-2026-40021

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150.0.3 Description JIT miscompilation occurs within the JIT component of the JavaScript Engine. JIT Just-In-Time compilation is a method used to improve the execution speed of programs by compiling code during runtim...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by a type confusion in the V8 component. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox throug...

Security Vulnerabilities fixed in Firefox 150.0.3 — Mozilla

CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component Reporter ggwhyp Impact high References Bug 2036978 CVE-2026-8389: JIT miscompilation in the JavaScript Engine: JIT component Reporter ggwhyp Impact high References Bug 2036983 CVE-2026-8390: Use-after-free in the...

PT-2026-40020

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150.0.3 Description Incorrect boundary conditions exist in the Just-In-Time JIT component of the JavaScript Engine. JIT is a compilation method that improves performance by compiling bytecode into native machine code ...

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

ALSA-2026:15892 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...

Agentic Fuzzing: Opportunities and Challenges

Fuzzers and static analyzers find many bugs but struggle with logic bugs in mature codebases. Triggering such a bug often requires multi-step reasoning that produces no distinctive execution feedback, and variants can appear across implementations too different for a single pattern to match. Rece...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...

Updated thunderbird packages fix security vulnerabilities

Use-after-free in the DOM: Core & HTML component. CVE-2026-6746 Use-after-free in the WebRTC component. CVE-2026-6747 Uninitialized memory in the Audio/Video: Web Codecs component. CVE-2026-6748 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. CVE-2026-6749...

MGASA-2026-0125 Updated thunderbird packages fix security vulnerabilities

Use-after-free in the DOM: Core & HTML component. CVE-2026-6746 Use-after-free in the WebRTC component. CVE-2026-6747 Uninitialized memory in the Audio/Video: Web Codecs component. CVE-2026-6748 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. CVE-2026-6749...

CVE-2026-7936

An object lifecycle issue flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=490485402...

SUSE CVE-2026-7899

Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-7940

Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

SUSE CVE-2026-7999

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : WebKitGTK vulnerabilities (USN-8237-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8237-1 advisory. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious...

Chromium: CVE-2026-7936 Object lifecycle issue in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7902 Out of bounds memory access in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...