25 matches found
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the libvpx component in Google Chrome prior to version 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
RockyLinux 8 : libvpx (RLSA-2023:5537)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5537 advisory. libvpx: Heap buffer overflow in vp8 encoding in libvpx CVE-2023-5217 libvpx: crash related to VP9 encoding in libvpx CVE-2023-44488 Tenable has extracted...
MiracleLinux 8 : libvpx-1.7.0-13.el8_10 (AXSA:2026-287:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-287:01 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
RHEL 8 : thunderbird (RHSA-2026:3979)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3979 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox:...
MiracleLinux 9 : thunderbird-140.8.0-1.el9_7.ML.1 (AXSA:2026-264:05)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-264:05 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety...
RockyLinux 10 : thunderbird (RLSA-2026:3517)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3517 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bu...
Amazon Linux 2023 : firefox (ALAS2023-2026-1469)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1469 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area...
Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-053 (ALASFIREFOX-2026-053)
The version of firefox installed on the remote host is prior to 140.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-053 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. Th...
Important: thunderbird
Issue Overview: A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating...
MiracleLinux 9 : firefox-140.8.0-2.el9_7.ML.1 (AXSA:2026-241:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-241:03 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety...
thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...
libvpx: Heap buffer overflow in libvpx
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Heap buffer overflow in libvpx...
ALSA-2026:3517 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR...
OESA-2026-1468 thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were render...
RLSA-2026:3338 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firef...
AlmaLinux 9 : firefox (ALSA-2026:3339)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3339 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs...
CVE-2026-2447
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2...
CVE-2026-2447 Heap buffer overflow in libvpx
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2...
Mozilla Thunderbird < 140.7.2
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.7.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2026-11 advisory. - Heap buffer overflow in libvpx. This vulnerability affects Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR...
Fedora 43 : chromium (2026-db342a4417)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-db342a4417 advisory. Update to 144.0.7559.132 CVE-2026-1861: Heap buffer overflow in libvpx CVE-2026-1862: Type Confusion in V8 Tenable has extracted the preceding...