MGASA-2023-0146 - Updated firefox packages fix security vulnerability

Publication date: 15 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0146.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-1945, CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539, CVE-2023-29541, CVE-2023-29550

Updated firefox and libwebp packages fix security vulnerabilities:

Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash (CVE-2023-1945).

A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks (CVE-2023-29533).

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash (CVE-2023-29535).

An attacker could, via JavaScript code, cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash (CVE-2023-29536).

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware (CVE-2023-29539).

Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands (CVE-2023-29541).

Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2023-29550).

A double-free in libwebp could have led to memory corruption and a potentially exploitable crash (MFSA-TMP-2023-0001).

References:
- https://bugs.mageia.org/show_bug.cgi?id=31783
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/
- https://www.cve.org/CVERecord?id=CVE-2023-1945
- https://www.cve.org/CVERecord?id=CVE-2023-29533
- https://www.cve.org/CVERecord?id=CVE-2023-29535
- https://www.cve.org/CVERecord?id=CVE-2023-29536
- https://www.cve.org/CVERecord?id=CVE-2023-29539
- https://www.cve.org/CVERecord?id=CVE-2023-29541
- https://www.cve.org/CVERecord?id=CVE-2023-29550

SRPMS:
- 8/core/firefox-102.10.0-1.mga8
- 8/core/firefox-l10n-102.10.0-1.mga8
- 8/core/libwebp-1.1.0-2.1.mga8

LinuxSecurity.com Team

MGASA-2021-0403 - Updated firefox packages fix security vulnerabilities

Publication date: 14 Aug 2021
URL: https://advisories.mageia.org/MGASA-2021-0403.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-XXXX

Updated firefox packages fix security vulnerabilities:

Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash (CVE-2021-29980).

Instruction reordering during JIT optimization resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash (CVE-2021-29984).

A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash (CVE-2021-29985).

A suspected race condition when calling getaddrinfo while resolving DNS names could have led to memory corruption and a potentially exploitable crash (CVE-2021-29986).

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash (CVE-2021-29988).

Mozilla developers Christoph Kerschbaumer, Simon Giesecke, Sandor Molnar, and Olli Pettay reported memory safety bugs present in Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-29989).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29346
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/PsqVK-ngKHM
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/
- https://www.cve.org/CVERecord?id=CVE-2021-XXXX

SRPMS:
- 8/core/firefox-78.13.0-1.mga8
- 8/core/firefox-l10n-78.13.0-1.mga8
- 8/core/nss-3.69.0-1.mga8

Severity: Critical.
LinuxSecurity.com Team

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2019:3756-1
Issue Date: 2019-11-06
CVE Numbers: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903

This update upgrades Thunderbird to version 68.2.0.

Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764)
* Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757)
* Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758)
* Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759)
* Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760)
* Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761)
* Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762)
* Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763)
* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)

SL6
x86_64
- thunderbird-68.2.0-2.el6_10.x86_64.rpm
- thunderbird-debuginfo-68.2.0-2.el6_10.x86_64.rpm
i386
- thunderbird-68.2.0-2.el6_10.i686.rpm
- thunderbird-debuginfo-68.2.0-2.el6_10.i686.rpm

- Scientific Linux Development Team

Severity: Critical.
LinuxSecurity.com Team

MGASA-2019-0089 - Updated firefox packages fix security vulnerability

Publication date: 17 Feb 2019
URL: https://advisories.mageia.org/MGASA-2019-0089.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-18356, CVE-2019-5785

A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash (CVE-2018-18356).

An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash (CVE-2019-5785).

References:
- https://bugs.mageia.org/show_bug.cgi?id=24361
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
- https://www.cve.org/CVERecord?id=CVE-2018-18356
- https://www.cve.org/CVERecord?id=CVE-2019-5785

SRPMS:
- 6/core/firefox-60.5.1-1.mga6
- 6/core/firefox-l10n-60.5.1-1.mga6

LinuxSecurity.com Team