update firefox
CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
"Certain network request objects were freed too early ... could have lead to a use-after-free causing a potentially exploitable crash."
CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
"Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash."
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/
intel processor data leakage
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
#bwtm #Infosec #CVE-2020-0548 #CVE-2020-0549 #HardwareVuln
speculative execution leaks across cores on intel
https://www.vusec.net/projects/crosstalk/
"Until now, all the attacks assumed that attacker and victim were sharing the same core, so that placing mutually untrusting code on different cores would thwart such attacks."
But, Wait, There's More
#bwtm #infosec #CVE-2020-0543 #HardwareVuln
For the first time, we show that speculative execution enables attackers to leak sensitive information also across cores on many Intel CPUs, bypassing all the existing intra-core mitigations against prior speculative (or transient) execution attacks such Spectre, Meltdown, etc. Until now, all the attacks assumed that attacker and victim were sharing the same core, so … Continue reading CROSSTalk →
Marc
FLOX Advocate
