28 matches found
Memory corruption
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive da...
Privilege Escalation
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Arbitrary Code Execution
Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
USN-3398-1 graphite2 vulnerabilities
Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or...
CentOS 7 : graphite2 (CESA-2017:1793)
An update for graphite2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
graphite2 security update
CentOS Errata and Security Advisory CESA-2017:1793 An update for graphite2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...
RHEL 7 : graphite2 (RHSA-2017:1793)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1793 advisory. Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities f...
Oracle Linux 7 : graphite2 (ELSA-2017-1793)
From Red Hat Security Advisory 2017:1793 : An update for graphite2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
RedHat Update for graphite2 RHSA-2017:1793-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
thunderbird security update
CentOS Errata and Security Advisory CESA-2017:1561 An update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
RedHat Update for firefox RHSA-2017:1440-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779)
An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...
Moderate: Red Hat Security Advisory: nss and nss-util security update
An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...
FreeBSD : NSS -- multiple vulnerabilities (32166082-53fa-41fa-b081-207e7a989a0a)
Mozilla Foundation reports : Mozilla has updated the version of Network Security Services NSS library used in Firefox to NSS 3.23. This addresses four moderate rated networking security issues reported by Mozilla engineers Tyson Smith and Jed Davis. %NASLMINLEVEL 70300 C Tenable Network Security,...
firefox: multiple issues
CVE-2016-1952 CVE-2016-1953 arbitrary code execution Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough...
RedHat Update for nss, nss-util, and nspr RHSA-2015:1981-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS Update for nspr CESA-2015:1981 centos7
Check the version of nspr SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882318";...