No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker is able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This also hides the connections from the Network tab in Devtools.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a or

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: The executable file warning did not warn users before opening files with the terminal extension.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser and persisted between containers and normal/private browsing mode but not profiles.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A use-after-free in FontFaceSet resulted in a potentially exploitable crash.

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability affects Firefox < 140.

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

In the Linux kernel, the following vulnerability has been resolved:\nnet: bgmac: Fix a BUG triggered by wrong bytes_compl\nOn one of our machines we got:\nkernel BUG at lib/dynamic_queue_limits.c:27!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM\nCPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O 4.14.275-rt132 #1\nHardware name: BRCM XGS iProc\ntask: ee3415c0 task.stack: ee32a000\nPC is at dql_completed+0x168/0x178\nLR is at bgmac_poll+0x18c/0x6d8\npc : [] lr : [] psr: 800a0313\nsp : ee32be14 ip : 000005ea fp : 00000bd4\nr10: ee558500 r9 : c0116298 r8 : 00000002\nr7 : 00000000 r6 : ef128810 r5 : 01993267 r4 : 01993851\nr3 : ee558000 r2 : 000070e1 r1 : 00000bd4 r0 : ee52c180\nFlags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none\nControl: 12c5387d Table: 8e88c04a DAC: 00000051\nProcess irq/41-bgmac (pid: 1166, stack limit = 0xee32a210)\nStack: (0xee32be14 to 0xee32c000)\nbe00: ee558520 ee52c100 ef128810\nbe20: 00000000 00000002 c0116298 c04b5a18 00000000 c0a0c8c4 c0951780 00000040\nbe40: c0701780 ee558500 ee55d520 ef05b340 ef6f9780 ee558520 00000001 00000040\nbe60: ffffe000 c0a56878 ef6fa040 c0952040 0000012c c0528744 ef6f97b0 fffcfb6a\nbe80: c0a04104 2eda8000 c0a0c4ec c0a0d368 ee32bf44 c0153534 ee32be98 ee32be98\nbea0: ee32bea0 ee32bea0 ee32bea8 ee32bea8 00000000 c01462e4 ffffe000 ef6f22a8\nbec0: ffffe000 00000008 ee32bee4 c0147430 ffffe000 c094a2a8 00000003 ffffe000\nbee0: c0a54528 00208040 0000000c c0a0c8c4 c0a65980 c0124d3c 00000008 ee558520\nbf00: c094a23c c0a02080 00000000 c07a9910 ef136970 ef136970 ee30a440 ef136900\nbf20: ee30a440 00000001 ef136900 ee30a440 c016d990 00000000 c0108db0 c012500c\nbf40: ef136900 c016da14 ee30a464 ffffe000 00000001 c016dd14 00000000 c016db28\nbf60: ffffe000 ee21a080 ee30a400 00000000 ee32a000 ee30a440 c016dbfc ee25fd70\nbf80: ee21a09c c013edcc ee32a000 ee30a400 c013ec7c 00000000 00000000 00000000\nbfa0: 00000000 00000000 00000000 c0108470 00000000 00000000 00000000 00000000\nbfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\nbfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000\n[] (dql_completed) from [] (bgmac_poll+0x18c/0x6d8)\n[] (bgmac_poll) from [] (net_rx_action+0x1c4/0x494)\n[] (net_rx_action) from [] (do_current_softirqs+0x1ec/0x43c)\n[] (do_current_softirqs) from [] (__local_bh_enable+0x80/0x98)\n[] (__local_bh_enable) from [] (irq_forced_thread_fn+0x84/0x98)\n[] (irq_forced_thread_fn) from [] (irq_thread+0x118/0x1c0)\n[] (irq_thread) from [] (kthread+0x150/0x158)\n[] (kthread) from [] (ret_from_fork+0x14/0x24)\nCode: a83f15e0 0200001a 0630a0e1 c3ffffea (f201f0e7)\nThe issue seems similar to commit 90b3b339364c ("net: hisilicon: Fix a BUG\ntrigered by wrong bytes_compl") and potentially introduced by commit\nb38c83dd0866 ("bgmac: simplify tx ring index handling").\nIf there is an RX interrupt between setting ring->end\nand netdev_sent_queue() we can hit the BUG_ON as bgmac_dma_tx_free()\ncan miscalculate the queue size while called from bgmac_poll().\nThe machine which triggered the BUG runs a v4.14 RT kernel - but the issue\nseems present in mainline too.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

A use-after-free vulnerability has been discovered in WebAssembly's WebAssembly Binary Toolkit (wabt), specifically within the GetFuncOffset function. This flaw can be triggered by an attacker with local system access through the manipulation of input provided to this function. Successful exploitation of a use-after-free vulnerability can lead to memory corruption, allowing for arbitrary code execution or a denial of service condition.

A denial-of-service vulnerability has been identified in WebAssembly's WebAssembly Binary Toolkit (wabt), specifically within the OnDataCount function. This flaw allows an attacker with local access to trigger runaway resource consumption (for example, excessive memory or CPU usage) by manipulating input provided to this function. This uncontrolled resource use can lead to the host operating system terminating the affected process, resulting in a denial of service.

A denial-of-service vulnerability has been identified in WebAssembly's WebAssembly Binary Toolkit (wabt), specifically within the LogOpcode function. This flaw allows an attacker with local access to trigger a program crash by manipulating input data, leading to a reachable assertion in the code path if the exception is improperly handled. Successful exploitation could impact the availability of applications or services that process WebAssembly binaries using wabt.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

No description is available for this CVE.

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.