Astra Linux - уязвимость в firefox

Memory safety bugs exist in Firefox 134 and Thunderbird 134. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has been fixed in Firefox 135 and Thunderbird...

CVE-2026-23370 affecting package kernel for versions less than 6.6.130.1-1

CVE-2026-23370 affecting package kernel for versions less than 6.6.130.1-1. An upgraded version of the package is available that resolves this issue...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

thunderbird: firefox: Memory safety bugs

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corrupti...

GHSA-G8C6-8FJJ-2R4M vulnerabilities

Vulnerabilities for packages: open-webui, reflex...

CVE-2023-53662

In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leaks in ext4fnamesetupfilename,preparelookup If the filename casefolding fails, we'll be leaking memory from the fscryptname struct, namely from the 'cryptobuf.name' member. Make sure we free it in the error pat...

GHSA-X4MX-VV42-5H8P vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9, openjdk-21-openj9, openjdk-26-openj9...

CVE-2025-38648

In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32spiprobe The stm32spiprobe function now includes a check to ensure that the pointer returned by ofdevicegetmatchdata is not NULL before accessing its members. This resolves a warning...

firefox: thunderbird: Incorrect JavaScript state machine for generators

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The JavaScript engine did not handle closed generators correctly, and it was possible to resume them, resulting in a nullptr dereference...

CVE-2025-5268

Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...

firefox: thunderbird: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption, and we presume that with enough...

SUSE CVE-2025-4091

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firef...

firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory...

firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak...

firefox: thunderbird: Unhandled Exception in Add-on Signature Verification

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

netty: SniHandler 16MB allocation leads to OOM

A flaw was found in Netty's SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per...

Mozilla: Potential Memory Corruption following Garbage Collector compaction

The Mozilla Foundation Security Advisory describes this flaw as: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash...

SUSE CVE-2007-5934

The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2...

SUSE CVE-2011-3064

Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping...

SUSE CVE-2017-3070

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution...