SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14456-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14456-1 advisory. - By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This appli...

CVE-2021-28681

Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. A WebRTC implementation shouldn't allow the user to continue if verificatio...

CVE-2020-16034

Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attacker to bypass policy restrictions via a crafted HTML page...

Mozilla Thunderbird < 78.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-33 advisory. - Mozilla developers and community members Natalia Csoregi, Simon Giesecke, Jason Kratzer, Christian Holler...

Mozilla Firefox ESR < 68.11

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-31 advisory. - Mozilla developers Jason Kratzer and Luke Wagner reported memory safety bugs present in Firefox 78 and...

CVE-2019-13722

Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Debian DSA-4289-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-16065 Brendon Tiszka discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2018-16066 cloudfuzzer discovered an out-of-bounds read issue in blink/webkit. - CVE-2018-16067 Zhe Jin discovered ...

CVE-2016-1970

Integer underflow in the srtpunprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

Debian DSA-3507-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2015-8126 Joerg Bornemann discovered multiple buffer overflow issues in the libpng library. - CVE-2016-1630 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in Blink/Webkit. - CVE-2016-1631 Mariusz...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2610-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2610-1 advisory. Several security issues were discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker...

chromium: multiple issues

CVE-2015-1251 arbitrary code execution Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem allows remote attackers to execute arbitrary code via a crafted document. - CVE-2015-1252 sandbox protection bypass It has been discovered that...

KLA10525 Multiple vulnerabilities in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird

Multiple serious vulnerabilities have been found in Mozilla Firefox before 37.0, Mozilla Firefox ESR 31.x before 31.6, Mozilla Thunderbird before 31.6. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause a denial of service heap memory corruption and bypass an...

CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data...