
14 matches found

OSV
added 2026/05/05 8:27 a.m. | 4 views

CLSA-2026-1777969446 binutils: Fix of 8 CVEs

- CVE-2021-45078: fix heap-based buffer overflow in stab_xcoff_builtin_type
- CVE-2021-46174: fix buffer overflow in read_section_stabs_debugging_info
- CVE-2022-44840: fix heap buffer overflow in find_section_in_set
- CVE-2022-45703: fix heap buffer overflow in display_gdb_index
- CVE-2022-47695: fix...

CVSS 7.8 | AI score 7 | EPSS 0.00159
Exploits: 8 | References: 1

Tenable Nessus
added 2026/01/13 12:0 a.m. | 1 views

MiracleLinux 8 : firefox-128.6.0-1.el8_10.ML.1 (AXSA:2025-9544:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9544:01 advisory. firefox: Use-after-free when breaking lines in text CVE-2025-0238 firefox: Memory corruption when using JavaScript Text Segmentation CVE-2025-0241...

CVSS 7.7 | AI score 6.9 | EPSS 0.02414
Exploits: 0 | References: 8

Tenable Nessus
added 2026/01/13 12:0 a.m. | 1 views

MiracleLinux 9 : firefox-128.6.0-1.el9_5.ML.1 (AXSA:2025-9549:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9549:02 advisory. firefox: Use-after-free when breaking lines in text CVE-2025-0238 firefox: Memory corruption when using JavaScript Text Segmentation CVE-2025-0241...

CVSS 7.7 | AI score 6.9 | EPSS 0.02414
Exploits: 0 | References: 8

OSV
added 2025/07/02 12:11 a.m. | 1 views

OSV-2025-510 Use-after-poison in llvm::BitstreamCursor::readRecord

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=428525443 Crash type: Use-after-poison READ 1 Crash state: llvm::BitstreamCursor::readRecord BitcodeReader::parseModule llvm::BitcodeModule::getModuleImpl...

AI score 5.3
Exploits: 0 | References: 1

SUSE Linux
added 2025/01/13 3:31 p.m. | 3 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird ESR 128.6 MFSA 2025-05, bsc1234991 Security fixes: CVE-2025-0237 bmo1915257 WebChannel APIs susceptible to confused deputy attack CVE-2025-0238 bmo1915535 Use-after-free when breaking lines in text...

CVSS 6.5 | AI score 7.5 | EPSS 0.02414
Exploits: 0 | References: 16

Tenable Nessus
added 2025/01/13 12:0 a.m. | 10 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2025-1010)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822...

CVSS 5.3 | AI score 7.1 | EPSS 0.00161
Exploits: 1 | References: 2

Tenable Nessus
added 2025/01/11 12:0 a.m. | 18 views

RockyLinux 8 : firefox (RLSA-2025:0144)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:0144 advisory. firefox: Use-after-free when breaking lines in text CVE-2025-0238 firefox: Memory corruption when using JavaScript Text Segmentation CVE-2025-0241 firefo...

CVSS 7.7 | AI score 6.9 | EPSS 0.02414
Exploits: 0 | References: 15

RedHat Linux
added 2025/01/09 12:13 p.m. | 2 views

firefox: Compartment mismatch when parsing JavaScript JSON module

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...

CVSS 4 | AI score 7.3 | EPSS 0.00048
Exploits: 0 | References: 7

RedHat Linux
added 2025/01/08 11:36 a.m. | 2 views

firefox: Compartment mismatch when parsing JavaScript JSON module

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...

CVSS 4 | AI score 7.3 | EPSS 0.00048
Exploits: 0 | References: 7

SUSE CVE
added 2025/01/08 12:20 a.m. | 1 views

SUSE CVE-2025-0240

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

CVSS 4 | AI score 6.7 | EPSS 0.00048
Exploits: 0 | References: 11

OSV
added 2025/01/07 4:15 p.m. | 6 views

CVE-2025-0240

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

CVSS 4 | AI score 5.3
Exploits: 0 | References: 6

Mozilla
added 2025/01/07 12:0 a.m. | 22 views

Security Vulnerabilities fixed in Thunderbird 134 — Mozilla

The Matrix specification demands homeservers to perform validation of the server-name and media-id components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent client-side path traversal...

CVSS 7.7 | AI score 7.6 | EPSS 0.02414
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2021/11/14 12:0 a.m. | 3 views

OSV-2021-1575 Heap-buffer-overflow in bfd_getl16

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40967 Crash type: Heap-buffer-overflow READ 1 Crash state: bfd_getl16 parse_module _bfd_vms_find_nearest_line...

AI score 7.2
Exploits: 0 | References: 1

Debian
added 2014/06/29 7:9 p.m. | 26 views

libemail-address-perl security update

Package : libemail-address-perl Version : 1.889-2+deb6u1 CVE ID : CVE-2014-0477 Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remot...

CVSS 5 | AI score 4.1 | EPSS 0.01423
Exploits: 1