Mozilla Firefox < 135.0

The version of Firefox installed on the remote Windows host is prior to 135.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-07 advisory. - Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption...

Mozilla Thunderbird < 135.0

The version of Thunderbird installed on the remote Windows host is prior to 135.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-11 advisory. - Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory...

Security Vulnerabilities fixed in Thunderbird ESR 128.7 — Mozilla

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A bug in WebAssembly code generation could have lead to a cras...

Mozilla Thunderbird < 135.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 135.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-11 advisory. - Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of...

Mozilla Thunderbird < 128.7

The version of Thunderbird installed on the remote Windows host is prior to 128.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-10 advisory. - Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of thes...

PT-2025-4124

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 135 Firefox ESR versions prior to 128.7 Thunderbird versions prior to 128.7 Thunderbird versions prior to 135 Description A bug in WebAssembly code generation could have led to a crash, potentially allowing an attacke...

USN-7250-1 netdata vulnerabilities

It was discovered that Netdata incorrectly handled parsing JSON input, which could lead to a JSON injection. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2018-18836 It was discovered that Netdata incorrectly handled parsing HT...

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)

...

PT-2025-40348

Name of the Vulnerable Software and Affected Versions Chromium affected versions not specified Description A use-after-free condition exists in V8 when evaluating the compile-time options parameter, which detaches the ArrayBuffer holding the wire bytes. This issue was reported by Google Big Sleep...

BIT-NODE-MIN-2023-39333

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...

Astra Linux – Vulnerability in Firefox

A type confusion bug in WebAssembly could be exploited by an attacker to potentially execute malicious code. This vulnerability affects Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1...

webkit2gtk3 security update

2.44.3-2 - Add patch to fix WebAssembly Resolves: RHEL-32578 2.44.3-1 - Update to 2.44.3 Resolves: RHEL-32578 2.44.2-1 - Update to 2.44.2 Resolves: RHEL-32578 2.44.1-1 - Update to 2.44.1 Resolves: RHEL-32578 Resolves: RHEL-29637 2.42.5-1 - Update to 2.42.5 Resolves: RHEL-3960 2.42.4-1 - Update to...

CVE-2024-35423

vmir e8117 was discovered to contain a heap buffer overflow via the wasmparsesectionfunctions function at /src/vmirwasmparser.c...

CVE-2024-35422

vmir e8117 was discovered to contain a heap buffer overflow via the wasmcall function at /src/vmirwasmparser.c...

CVE-2024-35410

wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted wasm file...

AZL-52586 CVE-2024-27532 affecting package fluent-bit for versions less than 3.1.9-2

wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR 06df58f is vulnerable to NULL Pointer Dereference in function blocktypegetresulttypes...

CVE-2024-27532

wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR 06df58f is vulnerable to NULL Pointer Dereference in function blocktypegetresulttypes...

CVE-2024-27532

wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR 06df58f is vulnerable to NULL Pointer Dereference in function blocktypegetresulttypes...

PYSEC-2024-306

wasm3 139076a contains a Use-After-Free in ForEachModule...

AZL-53187 CVE-2024-25431 affecting package fluent-bit for versions less than 2.2.3-5

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the checkwasabicompatibility function...