Mozilla Firefox < 150.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 150.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-30 advisory. - Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability w...

Mozilla Thunderbird < 140.9.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-29 advisory. - Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and...

EUVD-2020-4723

Malware in sbrugna...

ROS-20250818-01

In the gffilterpidresolvefiletemplateex function file filtercore/filterpid.c, line 9045 there is no check of the pointer to NULL before calling the strncmp function. This allows an attacker to to generate a media file with incorrect metadata containing incorrect URLs or HTML tags, which results i...

Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development

This report, released by NSA and CISA, acknowledges the challenges and aims to provide a balanced view of the state of MSLs. Reducing memory safety vulnerabilities requires understanding when MSLs are appropriate, knowing how to adopt them effectively, and recognizing where non-MSLs remain...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Security Vulnerabilities fixed in Firefox ESR 115.21 — Mozilla

In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. It was possibl...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 CVE-2025-1017 firefox: thunderbird: Use-after-free in Custom Highlight CVE-2025-1010 firefox:...

Mozilla Thunderbird < 128.7

The version of Thunderbird installed on the remote Windows host is prior to 128.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-10 advisory. - Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of thes...

CVE-2025-0243

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firef...

thunderbird security update

CentOS Errata and Security Advisory CESA-2024:0027 An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

Today, as part of the Secure by Design campaign, CISA published The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously in collaboration with the following partners: United States National Security Agency United States Federal...

CVE-2023-25745

Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 110...

MGASA-2021-0425 Updated firefox packages fix security vulnerability

Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code CVE-2021-38493. The firefox...

KLA11945 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in eval function...

SUSE-SU-2020:14389-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - MozillaFirefox was updated to version 68.9.0 Extended Support Release bsc1172402. - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410:...

Designing a COM library for Rust

I interned with Microsoft as a Software Engineering Intern in the MSRC UK team in Cheltenham this past summer. I worked in the Safe Systems Programming Language SSPL group, which explores safe programming languages as a proactive measure against memory-safety related vulnerabilities. This blog po...

CVE-2019-12083

The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the Error::typeid method is overridden then any type can be safely cast to any other type, causing memory safet...

KLA10876 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information. Below is a complete list of vulnerabilities 1. An improper value...