CVE-2024-6613
published 2024-07-09
CVE-2024-6613: The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128…
medium 5.5 CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 128.0-1 (sid) | firefox 128.0-1 (sid) |
| mozilla | firefox | < 128.0 | 128.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 128.0+build2-0ubuntu0.20.04.1 | 128.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 128 | 128 |
| mozilla | thunderbird | < 128.0 | 128.0 |
| mozilla | thunderbird | >= unspecified < 128 | 128 |
| msrc | microsoft_edge | — | — |
| msrc | microsoft_edge_extended_stable | — | — |
CVSS provenance
nvd v3.1 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv 5.5 MEDIUM
OSV
firefox vulnerabilities
osv·2024-07-10·CVSS 4.7
CVE-2024-6601 [MEDIUM] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-6601,
CVE-2024-6604, CVE-2024-6607, CVE-2024-6608, CVE-2024-6610, CVE-2024-6611,
CVE-2024-6612, CVE-2024-6613, CVE-2024-6614, CVE-2024-6615)
It was discovered that Firefox did not properly manage certain memory
operations in the NSS. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary code. (CVE-2024-6602,
CVE-2024-6609)
Irvan Kurniawan discovered that Firefox did not properly manage memory
during thread creation. An attacker could potentially exp
OSV
CVE-2024-6613: The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces
osv·2024-07-10·CVSS 5.5
CVE-2024-6613 [MEDIUM] CVE-2024-6613: The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.
GHSA
GHSA-fj5c-r5jw-5wp8: The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces
ghsa_unreviewed·2024-07-09
CVE-2024-6613 [MEDIUM] CWE-209 GHSA-fj5c-r5jw-5wp8: The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128.
Red Hat
chromium-browser: Inappropriate implementation in Fullscreen
vendor_redhat·2025-11-14·CVSS 4.3
CVE-2024-13178 [MEDIUM] CWE-440 chromium-browser: Inappropriate implementation in Fullscreen
Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Microsoft
Chromium: CVE-2024-9121 Inappropriate implementation in V8
vendor_msrc·2024-09-10·CVSS 8.8
CVE-2024-9121 [HIGH] Chromium: CVE-2024-9121 Inappropriate implementation in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 129.0.2792.65 | 129.0.6668.70/.71 | 9/26/2024 |
| Extended Stable | 128.0.2739.97 | 128.0.6613.170 | 9/27/2024 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Micro
Microsoft
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
vendor_msrc·2024-09-10·CVSS 6.5
CVE-2024-38222 [MEDIUM] CWE-276 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 128.0.2739.42 | 128.0.6613.84/.85 | 8/22/2024 |
FAQ: Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?
Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, "If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded". The CVSS scoring system doesn't allow for this type of nuance.
FAQ: What type of information could be disclosed by this vulnerability?
The type of informat
Microsoft
Chromium: CVE-2024-9120 Use after free in Dawn
vendor_msrc·2024-09-10·CVSS 8.8
CVE-2024-9120 [HIGH] Chromium: CVE-2024-9120 Use after free in Dawn
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 129.0.2792.65 | 129.0.6668.70/.71 | 9/26/2024 |
| Extended Stable | 128.0.2739.97 | 128.0.6613.170 | 9/27/2024 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (C
Microsoft
Chromium: CVE-2024-9122 Type Confusion in V8
vendor_msrc·2024-09-10·CVSS 8.8
CVE-2024-9122 [HIGH] Chromium: CVE-2024-9122 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 129.0.2792.65 | 129.0.6668.70/.71 | 9/26/2024 |
| Extended Stable | 128.0.2739.97 | 128.0.6613.170 | 9/27/2024 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chr
Microsoft
Chromium: CVE-2024-9123 Integer overflow in Skia
vendor_msrc·2024-09-10·CVSS 8.8
CVE-2024-9123 [HIGH] Chromium: CVE-2024-9123 Integer overflow in Skia
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 129.0.2792.65 | 129.0.6668.70/.71 | 9/26/2024 |
| Extended Stable | 128.0.2739.97 | 128.0.6613.170 | 9/27/2024 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge
Red Hat
chromium-browser: Type confusion in V8 in Google Chrome allows a remote attacker to exploit heap corruption via a crafted HTML page
vendor_redhat·2024-08-21·CVSS 9.6
CVE-2024-7971 [CRITICAL] CWE-843 chromium-browser: Type confusion in V8 in Google Chrome allows a remote attacker to exploit heap corruption via a crafted HTML page
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
A type confusion vulnerability was found in the Chromium web browser. This flaw allows an unauthenticated, remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Statement: Chromium is not shipped in any supported Red Hat offerings.
Mitigation: Until updated packages are released for Fedora and EPEL, consider temporarily swapping to an alternative web browser such as Firefox or severely restricting activity to sites you know well and trust.
Red Hat
chromium-browser: Inappropriate implementation in V8 in Google Chrome allows a remote attacker to potentially exploit heap corruption
vendor_redhat·2024-08-21·CVSS 8.8
CVE-2024-7965 [HIGH] CWE-1068 chromium-browser: Inappropriate implementation in V8 in Google Chrome allows a remote attacker to potentially exploit heap corruption
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
An inappropriate implementation vulnerability was found in the Chromium web browser. This flaw allows an unauthenticated, remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Statement: Chromium is not shipped in any supported Red Hat offerings.
Mitigation: Until updated packages are released for Fedora and EPEL, consider temporarily swapping to an alternative web browser such as Firefox or severely restricting activity to site
Microsoft
Adobe Systems Incorporated: CVE-2024-41879 Adobe PDF Viewer Remote Code Execution Vulnerability
vendor_msrc·2024-08-13·CVSS 7.8
CVE-2024-41879 [HIGH] CWE-125 Adobe Systems Incorporated: CVE-2024-41879 Adobe PDF Viewer Remote Code Execution Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 128.0.2739.42 | 128.0.6613.84/.85 | 8/22/2024 |
FAQ: Why is this Adobe CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Adobe software which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Click on Help and Feedback
Click on
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-07-10·CVSS 4.7
CVE-2024-6612 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-6601,
CVE-2024-6604, CVE-2024-6607, CVE-2024-6608, CVE-2024-6610, CVE-2024-6611,
CVE-2024-6612, CVE-2024-6613, CVE-2024-6614, CVE-2024-6615)
It was discovered that Firefox did not properly manage certain memory
operations in the NSS. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary code. (CVE-2024-6602,
CVE-2024-6609)
Irvan Kurniawan discovered that Firefox did not properly manage
Debian
CVE-2024-6613: firefox - The frame iterator could get stuck in a loop when encountering certain wasm fram...
vendor_debian·2024·CVSS 5.5
CVE-2024-6613 [MEDIUM] CVE-2024-6613: firefox - The frame iterator could get stuck in a loop when encountering certain wasm fram...
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Scope: local
sid: resolved (fixed in 128.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-29: CVE-2024-6613
vendor_mozilla·CVSS 5.5
CVE-2024-6613 [MEDIUM] Mozilla Foundation Security Advisory 2024-29: CVE-2024-6613
Mozilla Foundation Security Advisory 2024-29
CVE: CVE-2024-6613
Product: Firefox
Impact: high
Fixed in: Firefox 128
Mozilla
Mozilla Foundation Security Advisory 2024-32: CVE-2024-6613
vendor_mozilla·CVSS 5.5
CVE-2024-6613 [MEDIUM] Mozilla Foundation Security Advisory 2024-32: CVE-2024-6613
Mozilla Foundation Security Advisory 2024-32
CVE: CVE-2024-6613
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 128
No detection rules found.
No public exploits indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1900523
https://www.mozilla.org/security/advisories/mfsa2024-29/
https://www.mozilla.org/security/advisories/mfsa2024-32/
2024-07-09
Published