12 matches found
Astra Linux - vulnerability in Firefox
Mozilla developers reported memory safety bugs in Firefox 84. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects versions of Firefox prior to 85...
Linux Distros Unpatched Vulnerability : CVE-2021-23965
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough...
Unspecified Vulnerability in Mozilla Firefox (CNVD-2021-04655)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox for Android prior to version 84. By attempting to connect to a website using a port that fails to respond, an attacker can control the content of tabs...
Session fixation
When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. Note: This...
UBUNTU-CVE-2020-6543
Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
chromium-browser: Use after free in SCTP
Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
chromium-browser: Incorrect security UI in PWAs
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox URL bar via a crafted PWA...
chromium-browser: Use after free in tab strip
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2020-6526
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
UBUNTU-CVE-2020-6524
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2020-6535
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page...
CVE-2020-10121
cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs SEC-546...