Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CVE-2024-7531

The Mozilla Foundation Security Advisory describes this flaw as: Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

CVE-2024-7531 involves Mozilla Firefox and Firefox ESR. The connected documents confirm the underlying vulnerability: calling PK11_Encrypt() in NSS with CKM_CHACHA20 and using the same buffer for input and output can expose plaintext on Intel Sandy Bridge CPUs. In Firefox, the impact is limited t...

Security Vulnerabilities fixed in Firefox ESR 115.14 — Mozilla

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. Incomplete WebAssembly exception handing could have led to a use-after-free. Editor code failed to check an attribute value. This cou...

SuSE 11.2 / 11.3 Security Update : Mozilla NSS (SAT Patch Numbers 8484 / 8485)

"Mozilla NSS has been updated to 3.15.2 bnc847708 bringing various features and bugfixes : The main feature is TLS 1.2 support and its dependent algorithms. - Support for AES-GCM ciphersuites that use the SHA-256 PRF - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs - Add...

SuSE 11.2 Security Update : Mozilla NSS (SAT Patch Number 8484)

"Mozilla NSS has been updated to 3.15.2 bnc847708 bringing various features and bugfixes : The main feature is TLS 1.2 support and its dependent algorithms. - Support for AES-GCM ciphersuites that use the SHA-256 PRF - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs - Add...