21979 matches found
Astra Linux – Vulnerability in Firefox, Thunderbird
Keyboard events reference strings like “KeyA” that are located at fixed, known, and widely-distributed addresses. Cache-based timing attacks, such as Prime+Probe, could potentially determine which keys were pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Block devices with logical block size page size will be rejected when THP is disabled. If THP is disabled and there are block devices with logical block size page size, the following nullptrderef panic occurs during boot: 13.2 mK...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 112 and Firefox ESR 102.10. Some of these bugs exhibited signs of memory corruption, and we assume that...
Astra Linux – Vulnerability in Firefox and Thunderbird
When exiting fullscreen mode, an iframe could mislead the browser regarding the current state of fullscreen, potentially causing confusion for users or leading to spoofing attacks. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
Astra Linux – Vulnerability in mbedtls
A issue was discovered in Mbed TLS before version 2.25.0 and before versions 2.16.9 LTS and 2.7.18 LTS. A NULL algorithm parameter entry resembles an array of REAL values with a size of zero; therefore, the certificate is considered valid. However, if the parameters do not match at all, then the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed the remap of the arena. The BPF arena logic did not account for the mremap operation. Added a reference count for multiple mmap events to prevent use-after-free in arenavmclose...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Fixed a crash that occurs when switching to switchdev mode. When switching to switchdev mode if the device does not support IPsec, we attempt to clean up the IPsec resources, which causes a crash. This issue is fixed...
Astra Linux – Vulnerability in Firefox and Thunderbird
The garbage collector might have been aborted in several states and zones, and GCRuntime::finishCollection might not have been called, resulting in a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Astra Linux – Vulnerability in Firefox and Thunderbird
It was possible to create specific XSLT markup that could bypass the iframe sandbox. This vulnerability affects Firefox ESR versions prior to 91.5, Firefox versions prior to 96, and Thunderbird versions prior to 91.5...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers reported memory safety bugs in Firefox 91 and Firefox ESR 78.13. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox ESR...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ICE: Fixed NULL pointer dereferencing in iceunplugauxdev when resetting. Issuing a reset command while the driver is loaded without RDMA support will result in a crash, as the function attempts to remove a nonexistent auxbus...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed potential null pointer dereference issues. The amdgpurasgetcontext function may return NULL if the device does not support the RAS feature; therefore, a check must be performed before using this function...
Astra Linux – Vulnerability in exempi
A buffer overflow vulnerability exists in WEBPSupport.cpp in exempi 2.5.0 and earlier, allowing remote attackers to cause a denial of service by opening crafted webp files...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-smbios-wmi: Fixed an oop in rmmod dellsmbios. The initdellsmbioswmi function only registers the dellsmbioswmidriver on systems where the Dell WMI interface is supported. While the exitdellsmbioswmi function...
Astra Linux – Vulnerability in Thunderbird, Firefox
When importing an SPKI RSA public key as an ECDSA P-256 key, the key is handled incorrectly, causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Using XMLHttpRequest, an attacker could identify installed applications by probing error messages related to loading external protocols. This vulnerability affects Thunderbird version 91.4.0, Firefox ESR version 91.4.0, and Firefox version 95...
Astra Linux – Vulnerability in Firefox and Thunderbird
Firefox was vulnerable to a heap buffer overflow in nsTextFragment due to insufficient OOM handling. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...
Astra Linux – Vulnerability in nss
NSS has demonstrated timing differences during the execution of DSA signatures, which can be exploited and may eventually lead to the leakage of private keys. This vulnerability affects Thunderbird versions 68.9.0, Firefox versions 77, and Firefox ESR versions 68.9...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: ipa: Hash tables are only reset when supported. Last year, the code that manages GSI channel transactions switched from using spinlock-protected linked lists to using indexes in the ring buffer used for a channel. Recently,...
Astra Linux – Vulnerability in Firefox, Thunderbird
A website could have obscured the fullscreen notification by using a URL that was processed by an external program, such as a mailto URL. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbi...