This vulnerability affects Firefox ESR nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash. This was addressed in the spec and then in browsers. This had the effect of negating SameSite cookie protections. This vulnerability affects Firefox ESR FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. Thunderbird has applied the same mitigations to the use of this and similar headers. This vulnerability affects Firefox ESR fetch() and XMLHttpRequest however some webservers have implemented non-standard headers such as X-Http-Method-Override that override the HTTP method, and made this attack possible again. *This bug only affects Thunderbird on Unix-based operating systems (Android, Linux, MacOS). This vulnerability affects Firefox file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer. Other operating systems are unaffected.* This vulnerability affects Firefox *This bug only affects Thunderbird for Linux. This vulnerability affects Firefox *Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox ESR *Note: This issue only affected Mac OS operating systems. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. Published: Febru5:15:10 PM -0500 A use-after-free in WebGL extensions could have led to a potentially exploitable crash.
Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures. Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages.