Aggregator

CVE-2017-7778 | Mozilla Firefox up to 53.x Graphite2 Library out-of-bounds (MFSA 2017-15 / Nessus ID 101011)

Vuldb Updates
3 weeks 5 days ago
A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 53.x. This affects an unknown function of the component Graphite2 Library. Performing manipulation results in out-of-bounds read. This vulnerability is known as CVE-2017-7778. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2017-7764 | Mozilla Firefox up to 53.x Unicode Character input validation (MFSA 2017-15 / Nessus ID 101055)

Vuldb Updates
3 weeks 5 days ago
A vulnerability categorized as problematic has been discovered in Mozilla Firefox up to 53.x. This issue affects some unknown processing of the component Unicode Character Handler. Executing manipulation can lead to improper input validation. This vulnerability is tracked as CVE-2017-7764. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2017-7765 | Mozilla Firefox up to 53.x Mark of the Web 7pk security (MFSA 2017-15 / Nessus ID 101055)

Vuldb Updates
3 weeks 5 days ago
A vulnerability identified as critical has been detected in Mozilla Firefox up to 53.x. Impacted is an unknown function of the component Mark of the Web Handler. The manipulation leads to 7pk security features. This vulnerability is listed as CVE-2017-7765. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.
vuldb.com

CVE-2017-7766 | Mozilla Firefox up to 53.x on Windows Updater/Maintenance Service access control (MFSA 2017-15 / Nessus ID 100885)

Vuldb Updates
3 weeks 5 days ago
A vulnerability labeled as problematic has been found in Mozilla Firefox up to 53.x on Windows. The affected element is an unknown function of the component Updater/Maintenance Service. The manipulation results in improper access controls. This vulnerability is cataloged as CVE-2017-7766. The attack must be initiated from a local position. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2017-7767 | Mozilla Firefox up to 53.x on Windows Updater/Maintenance Service access control (MFSA 2017-15 / Nessus ID 100885)

Vuldb Updates
3 weeks 5 days ago
A vulnerability marked as problematic has been reported in Mozilla Firefox up to 53.x on Windows. The impacted element is an unknown function of the component Updater/Maintenance Service. This manipulation causes improper access controls. This vulnerability is registered as CVE-2017-7767. The attack needs to be launched locally. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2017-7768 | Mozilla Firefox up to 53.x on Windows Updater/Maintenance Service File information disclosure (MFSA 2017-15 / Nessus ID 101055)

Vuldb Updates
3 weeks 5 days ago
A vulnerability described as problematic has been identified in Mozilla Firefox up to 53.x on Windows. This affects an unknown function of the component Updater/Maintenance Service. Such manipulation leads to information disclosure (File). This vulnerability is documented as CVE-2017-7768. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2017-7798 | Mozilla Firefox up to 54 Developer Tools XUL code injection (MFSA 2017-18 / Nessus ID 103563)

Vuldb Updates
3 weeks 5 days ago
A vulnerability labeled as critical has been found in Mozilla Firefox up to 54. Affected by this vulnerability is an unknown functionality of the component Developer Tools. Such manipulation as part of XUL leads to code injection. This vulnerability is listed as CVE-2017-7798. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2017-7800 | Mozilla Firefox up to 54 WebSocket use after free (MFSA 2017-18 / Nessus ID 102882)

Vuldb Updates
3 weeks 5 days ago
A vulnerability marked as critical has been reported in Mozilla Firefox up to 54. Affected by this issue is some unknown functionality of the component WebSocket. Performing manipulation results in use after free. This vulnerability is cataloged as CVE-2017-7800. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2017-7785 | Mozilla Firefox up to 54 ARIA Attribute memory corruption (MFSA 2017-18 / Nessus ID 102882)

Vuldb Updates
3 weeks 5 days ago
A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 54. The affected element is an unknown function of the component ARIA Attribute Handler. Such manipulation leads to memory corruption. This vulnerability is traded as CVE-2017-7785. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2017-7792 | Mozilla Firefox up to 54 Certificate Viewer OID memory corruption (MFSA 2017-18 / Nessus ID 102882)

Vuldb Updates
3 weeks 5 days ago
A vulnerability categorized as critical has been discovered in Mozilla Firefox up to 54. Affected by this issue is some unknown functionality of the component Certificate Viewer. Such manipulation as part of OID leads to memory corruption. This vulnerability is referenced as CVE-2017-7792. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2017-7779 | Mozilla Firefox up to 54 Memory memory corruption (MFSA 2017-18 / Nessus ID 102882)

Vuldb Updates
3 weeks 5 days ago
A vulnerability identified as critical has been detected in Mozilla Firefox up to 54. Impacted is an unknown function of the component Memory Handler. The manipulation leads to memory corruption. This vulnerability is referenced as CVE-2017-7779. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2017-7793 | Mozilla Firefox up to 55 Fetch API use after free (MFSA 2017-21 / Nessus ID 108820)

Vuldb Updates
3 weeks 5 days ago
A vulnerability was found in Mozilla Firefox up to 55. It has been rated as critical. This vulnerability affects unknown code of the component Fetch API. The manipulation leads to use after free. This vulnerability is traded as CVE-2017-7793. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

微软:Windows 11 24H2 高危漏洞导致文件资源管理器等核心组件崩溃

嘶吼
3 weeks 5 days ago

微软已确认Windows 11 24H2版本存在一处高危漏洞:自2025年7月起发布的累计更新在系统部署过程中,会导致文件资源管理器、开始菜单及其他关键系统组件崩溃。

该漏洞的触发场景包括两种:一是“安装累计更新后的首次用户登录”;二是使用非持久性操作系统安装环境(如虚拟桌面基础架构环境)的用户每次登录时——此类环境中应用包需在每个会话周期重新安装。在受影响的系统中,更新后XAML依赖包无法正常注册,进而导致Windows 11多个核心外壳组件出现故障。

微软在近期发布的支持文档中解释称,依赖XAML包(具体为MicrosoftWindows.Client.CBS、Microsoft.UI.Xaml.CBS和MicrosoftWindows.Client.Core)的应用程序,在更新安装后未能及时完成注册。这一计时同步问题会在系统中连锁扩散,导致关键界面组件无法正常初始化。

最终造成Explorer.exe(文件资源管理器进程)、StartMenuExperienceHost(开始菜单体验主机进程)、ShellHost.exe(外壳主机进程)等外壳组件出现显性错误崩溃或隐性运行失败,用户系统将陷入部分功能失效状态,无法正常显示各类导航工具。

受影响用户可能遭遇多种问题,包括:开始菜单崩溃(常伴随严重错误提示)、文件资源管理器运行时任务栏缺失、核心ShellHost进程(外壳基础结构主机或Windows外壳体验主机)崩溃、设置应用静默启动失败等。

微软表示:“在部署了2025年7月及之后发布的Windows 11 24H2月度累计更新(KB5062553及后续版本)后,开始菜单体验主机、搜索、系统设置、任务栏或文件资源管理器等多个应用可能出现运行异常。”

提供临时解决方案

微软称目前正推进修复方案开发,但尚未给出具体修复时间线。在永久性补丁发布前,微软提供了通过PowerShell命令手动注册缺失包的临时解决方法。

受影响用户需执行以下三条Add-AppxPackage命令(分别针对每个受影响的XAML包),随后重启系统即可恢复功能:

 Add-AppxPackage -Register -Path 'C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\appxmanifest.xml' -DisableDevelopmentMode Add-AppxPackage -Register -Path 'C:\Windows\SystemApps\Microsoft.UI.Xaml.CBS_8wekyb3d8bbwe\appxmanifest.xml' -DisableDevelopmentMode Add-AppxPackage -Register -Path 'C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy\appxmanifest.xml' -DisableDevelopmentMode

然而,该漏洞对采用虚拟桌面基础架构管理非持久性企业环境的机构影响尤为严重——此类环境中员工每次登录都需重新部署应用程序。 

对此,微软建议在非持久性操作系统安装环境中部署登录脚本,确保该脚本在文件资源管理器启动前执行。该批处理文件包装器可保证桌面环境加载前所需包已完全部署,从而避免计时竞争条件引发的故障。

上周,英伟达也发布了GeForce热修复显示驱动程序,以解决2025年10月Windows 11累计更新(KB5066835)引发的游戏性能问题;与此同时,微软发布了带外紧急更新,修复了扩展安全更新(ESU)安装错误及Windows 11热补丁安装循环问题。

胡金鱼

Врач бил током мозг тысячи раз — вызвал движение, эмоцию, память. Но не мысль. Никогда. Кто мы тогда на самом деле?

Securitylab.ru
3 weeks 5 days ago
Эгнор заявляет, что за всю историю современной нейронауки никто так и не смог напрямую простимулировать разум или свободу воли, только движения, чувства и эмоции.

Managed ad