Tagged: Cybersecurity Alert

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2025067

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2023407

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2025883

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2027499

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2027501

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2027541

Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=1880429

Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=1992585

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2013588

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2013619

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2016164

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2016923

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() without sanitization or escaping. An authenticated user with...

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2014596