92 matches found
CVE-2022-40960
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105...
CVE-2022-40960
CVE-2022-40960: Concurrent use of the URL parser with non-UTF-8 data is not thread-safe, causing a use-after-free and potentially exploitable crash. Affected products include Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox
Denial Of Service (DoS)
firefox is vulnerable to denial of service. The vulnerability exists because loading fonts on workers was not thread-safe which allows an attacker to cause an application crash...
Debian dla-3123 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3123 advisory. Debian LTS Advisory DLA-3123-1...
Debian DSA-5238-1 : thunderbird - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5238 advisory. - When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. CVE-2022-40956 -...
Oracle Linux 9 : thunderbird (ELSA-2022-6717)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-6717 advisory. 102.3.0-3.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.3.0-3 - Update to 102.3.0 build1 Tenable has...
Debian DSA-5237-1 : firefox-esr - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5237 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, CSP bypass or...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-06859)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a memory misreference vulnerability that stems from concurrent use of the URL parser for non-UTF-8 data not being thread-safe. An attacker could exploit the vulnerability t...
Security Vulnerabilities fixed in Thunderbird 102.3 — Mozilla
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...
MoinMoin Denial of Service vulnerability via password_checker function
The password_checker function in config/multiconfig.py in MoinMoin prior to version 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors...
GHSA-WJJC-M3FC-FCM8 MoinMoin Denial of Service vulnerability via password_checker function
The password_checker function in config/multiconfig.py in MoinMoin prior to version 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors...
Out-of-bounds Write in actix-web
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...
Python 3.2.x < 3.2.6, 3.3.x < 3.3.6, 3.4.x < 3.4.1 os.makedirs() not thread-safe (bpo-21082) - Linux
Python is prone to a local security bypass vulnerability...
CVE-2021-0652
In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Mozilla Rust Command Injection Vulnerability (CNVD-2021-85290)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that could be exploited by attackers to send non-thread-safe EntityStore and ComponentStores across threads and cause data contention...
Data races in max7301
The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types regardless of if the Expander itself is safe to use across threads. As the IO types allow retrieving the Expander, this can lead to non-thread safe types being sent across threads as part of the Expander...
GHSA-RMFF-F8W9-C9RM Data races in max7301
The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types regardless of if the Expander itself is safe to use across threads. As the IO types allow retrieving the Expander, this can lead to non-thread safe types being sent across threads as part of the Expander...
OpenSSL: TLS Ephemeral ECDH Crashes (20110906) - Windows
OpenSSL is prone to TLS ephemeral ECDH crashes...