CVE-2024-2612
Published 2024-03-19
High 8.1 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 124.0-1 (sid) | firefox 124.0-1 (sid) |
| debian | firefox-esr | < firefox 124.0-1 (sid) | firefox 124.0-1 (sid) |
| debian | thunderbird | < firefox 124.0-1 (sid) | firefox 124.0-1 (sid) |
| mozilla | firefox | < 115.9 | 115.9 |
| mozilla | firefox | < 124.0 | 124.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 124.0+build1-0ubuntu0.20.04.1 | 124.0+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 124 | 124 |
| mozilla | firefox_esr | >= unspecified < 115.9 | 115.9 |
| mozilla | thunderbird | < 115.9 | 115.9 |
| mozilla | thunderbird | >= 0 < 1:115.9.0-1~deb11u1 | 1:115.9.0-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:115.9.0-1~deb12u1 | 1:115.9.0-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:115.9.0-1 | 1:115.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:115.9.0-1 | 1:115.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:115.9.0+build1-0ubuntu0.20.04.1 | 1:115.9.0+build1-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:115.9.0+build1-0ubuntu0.22.04.1 | 1:115.9.0+build1-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= unspecified < 115.9 | 115.9 |
| msrc | azl3_mozjs_102.15.1-1_on_azure_linux_3.0 | — | — |
CVSS provenance
nvd v3.1 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv 8.1 HIGH
Red Hat
kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
vendor_redhat·2024-08-26·CVSS 7.8
CVE-2024-44942 [HIGH] CWE-99 kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
syzbot reports a f2fs bug as below:
------------[ cut here ]------------
kernel BUG at fs/f2fs/inline.c:258!
CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0
RIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258
Call Trace:
f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834
f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]
__f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]
f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315
do_writepages+0x35b/0x870 mm/page-writeback.c:2612
__writeback_single_inode+0x1
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2024-03-26·CVSS 6.5
CVE-2024-2610 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-0743, CVE-2024-2611,
CVE-2024-2614)
Hubert Kario discovered that Thunderbird had a timing side-channel when
performing RSA decryption. A remote attacker could possibly use this
issue to recover sensitive information. (CVE-2023-5388)
Gary Kwong discovered that Thunderbird incorrectly updated return
registers for JIT code on Armv7-A systems. An attacker could potent
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-03-20·CVSS 6.5
CVE-2024-2610 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-2609,
CVE-2024-2611, CVE-2024-2614, CVE-2024-2615)
Hubert Kario discovered that Firefox had a timing side-channel when
performing RSA decryption. A remote attacker could possibly use this
issue to recover sensitive information. (CVE-2023-5388)
It was discovered that Firefox did not properly handle WASM register
values in some circumstances. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2024-260
Red Hat
Mozilla: Self referencing object could have potentially led to a use-after-free
vendor_redhat·2024-03-19·CVSS 8.1
CVE-2024-2612 [HIGH] CWE-416 Mozilla: Self referencing object could have potentially led to a use-after-free
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
The Mozilla Foundation Security Advisory describes this flaw as:
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red
Microsoft
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Fir
vendor_msrc·2024-03-12·CVSS 8.1
CVE-2024-2612 [HIGH] CWE-416 If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Fir
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox
Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the C
Debian
CVE-2024-2612: firefox - If an attacker could find a way to trigger a particular code path in `SafeRefPtr...
vendor_debian·2024·CVSS 8.1
CVE-2024-2612 [HIGH] CVE-2024-2612: firefox - If an attacker could find a way to trigger a particular code path in `SafeRefPtr...
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
Scope: local
sid: resolved (fixed in 124.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-12: CVE-2024-2612
vendor_mozilla·CVSS 8.1
CVE-2024-2612 [HIGH] Mozilla Foundation Security Advisory 2024-12: CVE-2024-2612
Mozilla Foundation Security Advisory 2024-12
CVE: CVE-2024-2612
Product: Firefox
Impact: critical
Fixed in: Firefox 124
Mozilla
Mozilla Foundation Security Advisory 2024-13: CVE-2024-2612
vendor_mozilla·CVSS 8.1
CVE-2024-2612 [HIGH] Mozilla Foundation Security Advisory 2024-13: CVE-2024-2612
Mozilla Foundation Security Advisory 2024-13
CVE: CVE-2024-2612
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 115.9
Mozilla
Mozilla Foundation Security Advisory 2024-14: CVE-2024-2612
vendor_mozilla·CVSS 8.1
CVE-2024-2612 [HIGH] Mozilla Foundation Security Advisory 2024-14: CVE-2024-2612
Mozilla Foundation Security Advisory 2024-14
CVE: CVE-2024-2612
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 115.9
OSV
thunderbird vulnerabilities
osv·2024-03-26·CVSS 6.5
CVE-2024-0743 [MEDIUM] thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-0743, CVE-2024-2611,
CVE-2024-2614)
Hubert Kario discovered that Thunderbird had a timing side-channel when
performing RSA decryption. A remote attacker could possibly use this
issue to recover sensitive information. (CVE-2023-5388)
Gary Kwong discovered that Thunderbird incorrectly updated return
registers for JIT code on Armv7-A systems. An attacker could potentially
exploit this issue to execute arbitrary code. (CVE-2024-2607)
OSV
firefox vulnerabilities
osv·2024-03-20·CVSS 6.5
CVE-2024-2609 [MEDIUM] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-2609,
CVE-2024-2611, CVE-2024-2614, CVE-2024-2615)
Hubert Kario discovered that Firefox had a timing side-channel when
performing RSA decryption. A remote attacker could possibly use this
issue to recover sensitive information. (CVE-2023-5388)
It was discovered that Firefox did not properly handle WASM register
values in some circumstances. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2024-2606)
Gary Kwong discovered that Firefox incorrectly updated retur
GHSA
GHSA-j8f6-q345-c99f: If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achi
ghsa_unreviewed·2024-03-19
CVE-2024-2612 [HIGH] CWE-416 GHSA-j8f6-q345-c99f: If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achi
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
OSV
CVE-2024-2612: If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achi
osv·2024-03-19·CVSS 8.1
CVE-2024-2612 [HIGH] CVE-2024-2612: If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achi
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1879444
https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html
https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html
https://www.mozilla.org/security/advisories/mfsa2024-12/
https://www.mozilla.org/security/advisories/mfsa2024-13/
https://www.mozilla.org/security/advisories/mfsa2024-14/