Security fix for the ALT Linux 10 package firefox-esr version 91.6.1-alt1

91.6.1-alt1 built March 11, 2022 Pavel Vasenkov in task 296362 March 7, 2022 Pavel Vasenkov - New ESR version. - Security fixes: + CVE-2022-26485 Use-after-free in XSLT parameter processing + CVE-2022-26486 Use-after-free in WebGPU IPC Framework...

OPENSUSE-SU-2022:0804-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 91.6.2 bsc1196809: - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework...

Mozilla: Use-after-free in WebGPU IPC Framework

An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...

Mozilla: Use-after-free in WebGPU IPC Framework

An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...

Mozilla: Use-after-free in WebGPU IPC Framework

An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Mozilla: Use-after-free in WebGPU IPC Framework

An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...

Mozilla: Use-after-free in WebGPU IPC Framework

An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fixes: Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 Mozilla: Use-after-free in WebGPU IPC Framework...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:0783-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0783-1 advisory. - Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had...

SUSE: Security Advisory (SUSE-SU-2022:0777-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ROS-20220309-02

The vulnerability in the XSLT parameter of Mozilla Firefox and Focus browsers is related to memory usage after its freeing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code A vulnerability in the WebGPU 3D graphics processing and computing softwa...

Debian DLA-2939-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2939 advisory. Two security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 9 stretch, these problems have been fixed in...

Updated thunderbird packages fix security vulnerabilities

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free CVE-2022-26485. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape CVE-2022-26486...

CVE-2022-26486

An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...

Two actively exploited Zero-Day vulnerabilities discovered in Mozilla Firefox

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Two critical zero-day vulnerabilities have been identified in Mozilla Firefox that are being exploited in-the-wild and tracked as CVE-2022-26485 and CVE-2022-26485. Both are use-after-free bugs that exist in XSLT parameter...

Update now! Mozilla patches two actively exploited vulnerabilities

Mozilla has announced it has fixed security vulnerabilities in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0. Users should install the out-of-band security update as soon as possible, since it is designed to apply a fix for two vulnerabilities that are known to ...

Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape

Mozilla has released an emergency update for its Firefox browser that addresses two critical security vulnerabilities that cybercriminals have actively exploited in the wild as zero days. Both are use-after-free bugs, which are memory-corruption issues that occur when an application continues to...

2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!

Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild. Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free...