Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.14.0 ESR. Security Fix: * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions * Mozilla: Incorrect value used during WASM compilation * Mozilla: Potential permissions request bypass via clickjacking * Mozilla: Crash in DO ...
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Security Fix: * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions * Mozilla: Incorrect value used during WASM compilation * Mozilla: Potential permissions request bypass via clickjacking * Mozilla: Crash in DOMParser due to out-of-memory conditions * Mozill ...
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format . Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more effici ...
Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine. The org.eclipse.jetty.servlets.CGI class has been deprecated. It is potentially unsafe to use it. The upstream developers of Jetty recommend to use Fast CGI instead. See also CVE-2023-36479. CVE-2023-26048 In affected versions servlets with multipart support that call `HttpServletRequest.getParamete ...
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an opti ...
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The erro ...