2106 matches found
CVE-2025-1011
A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
CVE-2025-1011
CVE-2025-1011 is a WebAssembly code-generation bug that could crash the affected Mozilla components and, per the connected advisories, may enable remote code execution. Public references indicate the vulnerability affects Firefox up to version 135 (and ESR 128.7) and Thunderbird up to 128.7 (and ...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 135, which stems from an error in WebAssembly code generation that could cause a crash...
Security Vulnerabilities fixed in Thunderbird ESR 128.7 — Mozilla
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A bug in WebAssembly code generation could have lead to a cras...
Mozilla Firefox < 135.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 135.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-07 advisory. - Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory...
Mozilla Firefox ESR < 128.7
The version of Firefox ESR installed on the remote Windows host is prior to 128.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-09 advisory. - Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of thes...
mozilla -- multiple vulnerabilities
[email protected] reports: A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have...
PT-2025-4124
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 135 Firefox ESR versions prior to 128.7 Thunderbird versions prior to 128.7 Thunderbird versions prior to 135 Description A bug in WebAssembly code generation could have led to a crash, potentially allowing an attacke...
Mozilla Firefox < 135.0
The version of Firefox installed on the remote Windows host is prior to 135.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-07 advisory. - Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption...
Mozilla Thunderbird < 135.0
The version of Thunderbird installed on the remote Windows host is prior to 135.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-11 advisory. - Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory...
Mozilla Thunderbird < 135.0
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 135.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-11 advisory. - Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of...
Mozilla Thunderbird < 128.7
The version of Thunderbird installed on the remote Windows host is prior to 128.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-10 advisory. - Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of thes...
USN-7250-1 netdata vulnerabilities
It was discovered that Netdata incorrectly handled parsing JSON input, which could lead to a JSON injection. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2018-18836 It was discovered that Netdata incorrectly handled parsing HT...
In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)
...
PT-2025-40348
Name of the Vulnerable Software and Affected Versions Chromium affected versions not specified Description A use-after-free condition exists in V8 when evaluating the compile-time options parameter, which detaches the ArrayBuffer holding the wire bytes. This issue was reported by Google Big Sleep...
BIT-NODE-MIN-2023-39333
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...
webkit2gtk3 security update
2.44.3-2 - Add patch to fix WebAssembly Resolves: RHEL-32578 2.44.3-1 - Update to 2.44.3 Resolves: RHEL-32578 2.44.2-1 - Update to 2.44.2 Resolves: RHEL-32578 2.44.1-1 - Update to 2.44.1 Resolves: RHEL-32578 Resolves: RHEL-29637 2.42.5-1 - Update to 2.42.5 Resolves: RHEL-3960 2.42.4-1 - Update to...
CVE-2024-35422
vmir e8117 was discovered to contain a heap buffer overflow via the wasmcall function at /src/vmirwasmparser.c...
CVE-2024-35423
vmir e8117 was discovered to contain a heap buffer overflow via the wasmparsesectionfunctions function at /src/vmirwasmparser.c...
CVE-2024-35410
wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted wasm file...