CVE-2024-8381
Published 2024-09-03
Critical 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 130.0-1 (sid) | firefox 130.0-1 (sid) |
| debian | firefox-esr | < firefox 130.0-1 (sid) | firefox 130.0-1 (sid) |
| debian | thunderbird | < firefox 130.0-1 (sid) | firefox 130.0-1 (sid) |
| mozilla | firefox | < 130.0 | 130.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 130.0+build2-0ubuntu0.20.04.1 | 130.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 0 < 130.0.1+build1-0ubuntu0.20.04.1 | 130.0.1+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 130 | 130 |
| mozilla | firefox_esr | < 115.15 | 115.15 |
| mozilla | firefox_esr | >= 128.0 < 128.2 | 128.2 |
| mozilla | firefox_esr | >= unspecified < 128.2 | 128.2 |
| mozilla | firefox_esr | >= unspecified < 115.15 | 115.15 |
| mozilla | thunderbird | >= 0 < 1:115.15.0-1~deb11u1 | 1:115.15.0-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:115.15.0-1~deb12u1 | 1:115.15.0-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:128.2.0esr-1 | 1:128.2.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.2.0esr-1 | 1:128.2.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:115.15.0+build1-0ubuntu0.20.04.1 | 1:115.15.0+build1-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:115.15.0+build1-0ubuntu0.22.04.1 | 1:115.15.0+build1-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= unspecified < 128.2 | 128.2 |
| mozilla | thunderbird | >= unspecified < 115.15 | 115.15 |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL
Ubuntu
Firefox regressions
vendor_ubuntu·2024-09-23·CVSS 9.8
[CRITICAL] Firefox regressions
Title: Firefox regressions
Summary: USN-6992-1 caused some minor regressions in Firefox.
USN-6992-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-8382,
CVE-2024-8383, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389)
Nils Bars discovered that Firefox contained a type confusion vulnerability
when performing certain property name lookups. An attacker could
potentially exploit this issue to cau
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2024-09-09·CVSS 9.6
CVE-2024-7526 [CRITICAL] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-7521, CVE-2024-7526,
CVE-2024-7527, CVE-2024-7529, CVE-2024-8382)
It was discovered that Thunderbird did not properly manage certain memory
operations when processing graphics shared memory. An attacker could
potentially exploit this issue to escape the sandbox. (CVE-2024-7519)
Irvan Kurniawan discovered that Thunderbird did not properly check an
attribute value i
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-09-05·CVSS 9.8
CVE-2024-8385 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-8382,
CVE-2024-8383, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389)
Nils Bars discovered that Firefox contained a type confusion vulnerability
when performing certain property name lookups. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-8381)
It was discovered that Firefox did not properly manage memory during
garbage collection. An attacker could potentially exploi
Red Hat
mozilla: Type confusion when looking up a property name in a "with" block
vendor_redhat·2024-09-03·CVSS 9.8
CVE-2024-8381 [CRITICAL] CWE-704 mozilla: Type confusion when looking up a property name in a "with" block
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
The Mozilla Foundation's Security Advisory: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 6) - Out of suppor
Debian
CVE-2024-8381: firefox - A potentially exploitable type confusion could be triggered when looking up a pr...
vendor_debian·2024·CVSS 9.8
CVE-2024-8381 [CRITICAL] CVE-2024-8381: firefox - A potentially exploitable type confusion could be triggered when looking up a pr...
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
Scope: local
sid: resolved (fixed in 130.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-40: CVE-2024-8381
vendor_mozilla·CVSS 9.8
CVE-2024-8381 [CRITICAL] Mozilla Foundation Security Advisory 2024-40: CVE-2024-8381
Mozilla Foundation Security Advisory 2024-40
CVE: CVE-2024-8381
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 128.2
Mozilla
Mozilla Foundation Security Advisory 2024-41: CVE-2024-8381
vendor_mozilla·CVSS 9.8
CVE-2024-8381 [CRITICAL] Mozilla Foundation Security Advisory 2024-41: CVE-2024-8381
Mozilla Foundation Security Advisory 2024-41
CVE: CVE-2024-8381
Product: Firefox ESR
Impact: moderate
Fixed in: Firefox ESR 115.15
Mozilla
Mozilla Foundation Security Advisory 2024-39: CVE-2024-8381
vendor_mozilla·CVSS 9.8
CVE-2024-8381 [CRITICAL] Mozilla Foundation Security Advisory 2024-39: CVE-2024-8381
Mozilla Foundation Security Advisory 2024-39
CVE: CVE-2024-8381
Product: Firefox
Impact: high
Fixed in: Firefox 130
Mozilla
Mozilla Foundation Security Advisory 2024-44: CVE-2024-8381
vendor_mozilla·CVSS 9.8
CVE-2024-8381 [CRITICAL] Mozilla Foundation Security Advisory 2024-44: CVE-2024-8381
Mozilla Foundation Security Advisory 2024-44
CVE: CVE-2024-8381
Product: Thunderbird
Impact: moderate
Fixed in: Thunderbird 115.15
Mozilla
Mozilla Foundation Security Advisory 2024-43: CVE-2024-8381
vendor_mozilla·CVSS 9.8
CVE-2024-8381 [CRITICAL] Mozilla Foundation Security Advisory 2024-43: CVE-2024-8381
Mozilla Foundation Security Advisory 2024-43
CVE: CVE-2024-8381
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 128.2
OSV
firefox regressions
osv·2024-09-23·CVSS 9.8
CVE-2024-8382 [CRITICAL] firefox regressions
USN-6992-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-8382,
CVE-2024-8383, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389)
Nils Bars discovered that Firefox contained a type confusion vulnerability
when performing certain property name lookups. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-8381)
It
OSV
thunderbird vulnerabilities
osv·2024-09-09·CVSS 9.6
CVE-2024-7521 [CRITICAL] thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-7521, CVE-2024-7526,
CVE-2024-7527, CVE-2024-7529, CVE-2024-8382)
It was discovered that Thunderbird did not properly manage certain memory
operations when processing graphics shared memory. An attacker could
potentially exploit this issue to escape the sandbox. (CVE-2024-7519)
Irvan Kurniawan discovered that Thunderbird did not properly check an
attribute value in the editor component, leading to an out-of-bounds read
vulnerabili
OSV
firefox vulnerabilities
osv·2024-09-05·CVSS 9.8
CVE-2024-8382 [CRITICAL] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-8382,
CVE-2024-8383, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389)
Nils Bars discovered that Firefox contained a type confusion vulnerability
when performing certain property name lookups. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-8381)
It was discovered that Firefox did not properly manage memory during
garbage collection. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary
GHSA
GHSA-x565-97fv-jfr5: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment
ghsa_unreviewed·2024-09-03
CVE-2024-8381 [CRITICAL] CWE-843 GHSA-x565-97fv-jfr5: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
OSV
CVE-2024-8381: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment
osv·2024-09-03·CVSS 9.8
CVE-2024-8381 [CRITICAL] CVE-2024-8381: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
https://bugzilla.mozilla.org/show_bug.cgi?id=1912715
https://www.mozilla.org/security/advisories/mfsa2024-39/
https://www.mozilla.org/security/advisories/mfsa2024-40/
https://www.mozilla.org/security/advisories/mfsa2024-41/
https://www.mozilla.org/security/advisories/mfsa2024-43/
https://www.mozilla.org/security/advisories/mfsa2024-44/
https://lists.debian.org/debian-lts-announce/2024/09/msg00012.html
https://lists.debian.org/debian-lts-announce/2024/09/msg00025.html
Published: 2024-09-03