
18 matches found

ATTACKERKB
added 2026/04/09 6:45 p.m., views: 1

CVE-2026-34971

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

CVSS: 9, AI score: 6.1, EPSS: 0.00016
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/04/09 6:45 p.m., views: 7

CVE-2026-34971

Wasmtime’s Cranelift backend on the aarch64 path contains a miscompile of a specific load pattern (load(iadd(base, ishl(index, amt)))) that can diverge between bounds checking and loading, enabling an arbitrary read/write of host memory and thus a sandbox escape for guest WebAssembly. Affected ra...

CVSS: 9, AI score: 6.1, EPSS: 0.00016
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/04/09 6:45 p.m., views: 15

CVE-2026-34971 Wasmtime miscompiled guest heap access enables sandbox escape on aarch64 Cranelift

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

CVSS: 9, EPSS: 0.00016
Exploits: 0, References: 1

OSV
added 2026/04/07 12:1 a.m., views: 2

RLSA-2026:5932 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR...

CVSS: 7.5, AI score: 7.2, EPSS: 0.0004
Exploits: 0, References: 38

Tenable Nessus
added 2026/03/06 12:0 a.m., views: 2

MiracleLinux 9 : thunderbird-140.8.0-1.el9_7.ML.1 (AXSA:2026-264:05)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-264:05 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety...

CVSS: 10, AI score: 6.1, EPSS: 0.00145
Exploits: 0, References: 39

Vulnrichment
added 2026/02/24 1:33 p.m., views: 0

CVE-2026-2796 JIT miscompilation in the JavaScript: WebAssembly component

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

AI score: 7.4, EPSS: 0.00032
Exploits: 2, References: 3

RedHat Linux
added 2026/01/05 1:23 a.m., views: 3

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00103
Exploits: 2, References: 11

OpenVAS
added 2025/10/01 12:0 a.m., views: 1

Mozilla Firefox Security Advisory (MFSA2025-80) - Linux

The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2025-80. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-on...

CVSS: 8.6, AI score: 6.5, EPSS: 0.00057
Exploits: 0, References: 4

ATTACKERKB
added 2025/09/30 12:49 p.m., views: 2

CVE-2025-11153

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 143.0.3...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00035
Exploits: 0, References: 3

SUSE CVE
added 2024/04/13 2:10 a.m., views: 0

SUSE CVE-2024-31852

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVSS: 5.9, AI score: 7.1, EPSS: 0.00214
Exploits: 0, References: 3

OSV
added 2024/04/05 3:15 p.m., views: 26

CVE-2024-31852

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVSS: 5.9, AI score: 7.2
Exploits: 0, References: 4

OSV
added 2024/04/05 3:15 p.m., views: 1

AZL-39776 CVE-2024-31852 affecting package clang for versions less than 18.1.2-2

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVSS: 5.9, AI score: 6.4, EPSS: 0.00214
Exploits: 0, References: 1

OSV
added 2024/04/05 3:15 p.m., views: 0

AZL-39842 CVE-2024-31852 affecting package rust for versions less than 1.72.0-8

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVSS: 5.9, AI score: 6, EPSS: 0.00214
Exploits: 0, References: 1

OSV
added 2024/04/05 3:15 p.m., views: 2

AZL-39713 CVE-2024-31852 affecting package lld for versions less than 18.1.2-2

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVSS: 5.9, AI score: 6.4, EPSS: 0.00214
Exploits: 0, References: 1

OSV
added 2024/04/05 3:15 p.m., views: 2

AZL-39728 CVE-2024-31852 affecting package lldb for versions less than 18.1.2-2

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVSS: 5.9, AI score: 6.4, EPSS: 0.00214
Exploits: 0, References: 1

OSV
added 2024/04/05 3:15 p.m., views: 1

AZL-39785 CVE-2024-31852 affecting package rust for versions less than 1.75.0-9

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVSS: 5.9, AI score: 6.4, EPSS: 0.00214
Exploits: 0, References: 1

UbuntuCve
added 2024/04/05 3:15 p.m., views: 25

CVE-2024-31852

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVSS: 5.9, AI score: 6.5, EPSS: 0.00214
Exploits: 0, References: 4

Cvelist
added 2024/04/05 12:0 a.m., views: 14

CVE-2024-31852

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

AI score: 6.8, EPSS: 0.00214
Exploits: 0, References: 4