Mozilla Foundation Security Advisory 2023-15
Security Vulnerabilities fixed in Thunderbird 102.10

Announced: Ap
Impact: high
Products: Thunderbird
Fixed in

CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
Reporter: DoHyun Lee
Impact: high
Description: An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. This bug only affects Thunderbird for macOS. Other operating systems are not affected.

CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
Reporter: Holger Fuhrmannek
Impact: high
Description: A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.

CVE-2023-29533: Fullscreen notification obscured
Reporter: Irvan Kurniawan
Impact: high
Description: A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks.

CVE-2023-1999: Double-free in libwebp
Reporter: Irvan Kurniawan
Impact: high
Description: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.

CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction
Reporter: Lukas Bernhard
Impact: high
Description: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash.
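The check-then-use gap described under CVE-2023-29532, shown as an added illustration that is not Mozilla's code or the actual fix. Assumptions: a pinned SHA-256 stands in for the signature check, a temporary directory stands in for the SMB share, and all function names and the `between` hook are hypothetical.

```python
import hashlib, hmac, os, shutil, tempfile

# Constructed sample: a pinned SHA-256 stands in for the real signature check.
TRUSTED = b"signed update payload (constructed sample)"
PINNED = hashlib.sha256(TRUSTED).hexdigest()

def read(path):
    with open(path, "rb") as f:
        return f.read()

def verified(data):
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), PINNED)

def apply_check_then_reopen(path, between=lambda: None):
    """Flawed: verify the file at `path`, then open the same path again to use it."""
    if not verified(read(path)):
        raise ValueError("signature check failed")
    between()          # window in which storage the service does not control can change
    return read(path)  # bytes actually applied

def apply_from_private_copy(path, between=lambda: None):
    """Hardened: copy once into a directory only this process controls, then
    verify and use that copy, never the original path."""
    workdir = tempfile.mkdtemp()  # created with mode 0700 on POSIX
    try:
        local = os.path.join(workdir, "update.bin")
        shutil.copyfile(path, local)
        if not verified(read(local)):
            raise ValueError("signature check failed")
        between()
        return read(local)  # the same file that was verified
    finally:
        shutil.rmtree(workdir)

def demo():
    """Run both patterns against a file that is rewritten between check and use."""
    share = tempfile.mkdtemp()  # stands in for the remote share
    src = os.path.join(share, "update.bin")
    def swap():
        with open(src, "wb") as f:
            f.write(b"unsigned replacement (constructed sample)")
    outcome = {}
    for fn in (apply_check_then_reopen, apply_from_private_copy):
        with open(src, "wb") as f:
            f.write(TRUSTED)
        outcome[fn.__name__] = verified(fn(src, between=swap))
    shutil.rmtree(share)
    return outcome
```

`demo()` reports, for each pattern, whether the bytes that were finally used still pass the check after the source file was rewritten.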