Astra Linux - уязвимость в firefox, thunderbird

In some code patterns, JIT incorrectly optimized switch statements and generated code that contained vulnerabilities related to out-of-bounds reads. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

openSUSE 16 Security Update : MozillaThunderbird (openSUSE-SU-2026:20046-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20046-1 advisory. Changes in MozillaThunderbird: - Mozilla Thunderbird 140.6.0 ESR MFSA 2025-96 bsc1254551 CVE-2025-14321 bmo1992760 Use-after-free in the WebRTC:...

Linux Distros Unpatched Vulnerability : CVE-2021-29945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32...

SUSE CVE-2024-3854

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

Mozilla: JIT code failed to save return registers on Armv7-A

The Mozilla Foundation Security Advisory describes this flaw as: Return registers were overwritten which could have allowed an attacker to execute arbitrary code. Note: This issue only affected Armv7-A systems. Other operating systems are unaffected...

SUSE CVE-2019-11772

In Eclipse OpenJ9 prior to 0.15, the String.getBytesint, int, byte, int method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Ja...

CVE-2019-2208

In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

Firefox and Edge Fall to Hackers on Day Two of Pwn2Own

Hackers took down the Mozilla Firefox and Microsoft Edge browsers on Thursday at Pwn2Own, the annual hacking conference held in tandem with CanSecWest, as the competition continued for a second day. The dynamic hacking duo of Amat Cama and Richard Zhu, which make up team Fluoroacetate, had anothe...

Hackers Take Down Safari, VMware and Oracle at Pwn2Own

Hackers took down Apple Safari, VMware Workstation, and Oracle VirtualBox on Wednesday, the first day of Pwn2Own, the annual hacking competition held in tandem with the CanSecWest conference in Vancouver. Contestants with the team of Fluoroacetate Amat Cama and Richard Zhu were the first to hit p...