Page 5 of 168 results (0.004 seconds)

CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0

03 Sep 2024 — A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130 and Firefox ESR < 128.2. A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. The Mozilla Foundation's Security Advisory: A difference in the handling of Struct... • https://bugzilla.mozilla.org/show_bug.cgi?id=1911909 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0

03 Sep 2024 — The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. • https://bugzilla.mozilla.org/show_bug.cgi?id=1911288 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0

03 Sep 2024 — Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will This vulnerability af... • https://bugzilla.mozilla.org/show_bug.cgi?id=1908496 • CWE-862: Missing Authorization CWE-1188: Initialization of a Resource with an Insecure Default •

CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0

03 Sep 2024 — Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. Internal browser event interfaces were exposed to web content wh... • https://bugzilla.mozilla.org/show_bug.cgi?id=1906744 • CWE-273: Improper Check for Dropped Privileges CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0

03 Sep 2024 — A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. The M... • https://bugzilla.mozilla.org/show_bug.cgi?id=1912715 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0

30 Aug 2024 — An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://github.com/libexpat/libexpat/issues/887 • CWE-190: Integer Overflow or Wraparound •

CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0

30 Aug 2024 — An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX. • https://github.com/libexpat/libexpat/issues/888 • CWE-190: Integer Overflow or Wraparound •

CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 1

30 Aug 2024 — An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX. • https://github.com/nidhihcl75/external_expat_2.6.2_CVE-2024-45492 • CWE-190: Integer Overflow or Wraparound •

CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0

13 Aug 2024 — Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity. A flaw was found in hw in the SNP-SEV firmware. This flaw could allow a privileged attacker to corrupt a guest's private memory, potentially resulting in the loss of data integrity of the guest. Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of... • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-459: Incomplete Cleanup •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

13 Aug 2024 — IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially ... • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html •