CSS & JavaScript Toolbox Security Vulnerabilities
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...
5.5CVSS
5.5AI Score
0.0004EPSS
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox <...
0.0004EPSS
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox <...
6.2AI Score
0.0004EPSS
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox <...
6.5AI Score
0.0004EPSS
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox <...
6.3AI Score
0.0004EPSS
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox <...
0.0004EPSS
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox <...
6.1AI Score
0.0004EPSS
China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics
Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. "In the latest version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing Windows event...
7.8CVSS
7.6AI Score
0.974EPSS
June 11, 2024—KB5039266 (Security-only update)
June 11, 2024—KB5039266 (Security-only update) __ End of support information Windows Server 2008 SP2 Extended Security Updates (ESU) third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see...
9.8CVSS
9.5AI Score
0.003EPSS
June 11, 2024—KB5039274 (Security-only update)
June 11, 2024—KB5039274 (Security-only update) __ End of support information As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see...
9.8CVSS
9.5AI Score
0.003EPSS
June 11, 2024—KB5039225 (OS Build 10240.20680)
June 11, 2024—KB5039225 (OS Build 10240.20680) 12/8/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1507, see its update history page. Highlights This update...
9.8CVSS
9.7AI Score
0.003EPSS
June 11, 2024—KB5039227 (OS Build 20348.2527)
June 11, 2024—KB5039227 (OS Build 20348.2527) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when.....
9.8CVSS
7.3AI Score
0.003EPSS
June 11, 2024—KB5039214 (OS Build 14393.7070)
June 11, 2024—KB5039214 (OS Build 14393.7070) 11/19/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1607, see its update history page. Highlights This update...
9.8CVSS
9.8AI Score
0.003EPSS
June 11, 2024— KB5039330 (OS Build 20348.2522)
June 11, 2024— KB5039330 (OS Build 20348.2522) Improvements and fixes This security update includes quality improvements. When you install this KB: This update makes miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. If you...
9.8CVSS
9.7AI Score
0.003EPSS
June 11, 2024—KB5039211 (OS Builds 19044.4529 and 19045.4529)
June 11, 2024—KB5039211 (OS Builds 19044.4529 and 19045.4529) UPDATED 06/11/24 REMINDER The following editions of Windows 10, version 21H2 are at end of service today, June 11, 2024:- Windows 10 Enterprise and Education- Windows 10 IoT Enterprise- Windows 10 Enterprise multi-sessionAfter that...
9.8CVSS
7.5AI Score
0.003EPSS
June 11, 2024—KB5039260 (Monthly Rollup)
June 11, 2024—KB5039260 (Monthly Rollup) Important The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only.....
9.8CVSS
9.5AI Score
0.003EPSS
June 11, 2024—KB5039217 (OS Build 17763.5936)
June 11, 2024—KB5039217 (OS Build 17763.5936) 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights This update...
9.8CVSS
9.8AI Score
0.003EPSS
June 11, 2024—KB5039236 (OS Build 25398.950)
June 11, 2024—KB5039236 (OS Build 25398.950) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...
9.8CVSS
9.9AI Score
0.003EPSS
June 11, 2024—KB5039212 (OS Builds 22621.3737 and 22631.3737)
June 11, 2024—KB5039212 (OS Builds 22621.3737 and 22631.3737) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 23H2, see its update history page. Note Follow...
9.8CVSS
9.8AI Score
0.003EPSS
June 11, 2024—KB5039245 (Monthly Rollup)
June 11, 2024—KB5039245 (Monthly Rollup) __ End of support information Windows Server 2008 SP2 Extended Security Updates (ESU) third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see Extended.....
9.8CVSS
9.4AI Score
0.003EPSS
June 11, 2024—KB5039213 (OS Build 22000.3019)
June 11, 2024—KB5039213 (OS Build 22000.3019) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note Follow @WindowsUpdate to find out.....
9.8CVSS
9.9AI Score
0.003EPSS
June 11, 2024—KB5039294 (Monthly Rollup)
June 11, 2024—KB5039294 (Monthly Rollup) IMPORTANT The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU...
9.8CVSS
9.6AI Score
0.003EPSS
June 11, 2024—KB5039289 (Monthly Rollup)
June 11, 2024—KB5039289 (Monthly Rollup) __ End of support information As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see Update...
9.8CVSS
9.5AI Score
0.003EPSS
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Notes Author| Note ---|--- tyhicks | mozjs...
5.2AI Score
0.0004EPSS
KB5039341: Servicing stack update for Windows Server 2008 SP2: June 11, 2024
KB5039341: Servicing stack update for Windows Server 2008 SP2: June 11, 2024 __ End of support information Windows Server 2008 SP2 Extended Security Updates third and final year of ESU ended on January 10, 2023. Many customers are taking advantage of Azures commitment to security and compliance...
6.8AI Score
Mozilla Firefox Security Advisory (MFSA2024-25) - Linux
This host is missing a security update for Mozilla...
7.4AI Score
0.0004EPSS
If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Notes Author| Note ---|--- tyhicks | mozjs contains a copy of the SpiderMonkey.....
5.7AI Score
0.0004EPSS
KLA68920 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: Security vulnerability when...
9.1AI Score
0.0004EPSS
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127. Notes Author| Note ---|--- tyhicks | moz...
6.6AI Score
0.0004EPSS
Amazon Linux 2 : firefox (ALASFIREFOX-2024-025)
The version of firefox installed on the remote host is prior to 115.11.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-025 advisory. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in...
8.7AI Score
0.0004EPSS
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Notes Author| Note ---|--- tyhicks | mozjs contains ...
5.4AI Score
0.0004EPSS
In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...
6.6AI Score
0.0004EPSS
KB5039340: Servicing stack update for Windows Server 2012 R2: June 11, 2024
KB5039340: Servicing stack update for Windows Server 2012 R2: June 11, 2024 __ End of support information Windows 8.1 reached end of support (EOS) on January 10, 2023, at which point technical assistance and software updates are no longer provided. If you have devices running Windows 8.1, we...
6.9AI Score
By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Notes Author| Note -...
5.5AI Score
0.0004EPSS
KB5039337: Servicing stack update for Windows 10: June 11, 2024
KB5039337: Servicing stack update for Windows 10: June 11, 2024 __ End of support information Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise LoT editions. After April 9, 2019, these devices are no...
6.8AI Score
Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127. Notes Author| Note ---|--- tyhicks | mozjs contains a...
7.5AI Score
0.0004EPSS
KB5039342: Servicing stack update for Windows Server 2012: June 11, 2024
KB5039342: Servicing stack update for Windows Server 2012: June 11, 2024 __ End of support information Windows Server 2012 reached end of support (EOS) on October 10, 2023. Extended Security Updates (ESUs) are available for purchase and will continue for three years, renewable on an annual...
6.8AI Score
The version of Firefox installed on the remote Windows host is prior to 127.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-25 advisory. If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the...
7.7AI Score
0.0004EPSS
7.8CVSS
7AI Score
0.44EPSS
KLA68921 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information, perform cross-site scripting attack. Below is a complete list of...
8.9AI Score
0.0004EPSS
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127. Notes Author| Note ---|--- tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine mdeslaur | starting with Ubuntu....
6.2AI Score
0.0004EPSS
Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox E...
6.3AI Score
0.0004EPSS
KB5039339: Servicing stack update for Windows Server 2008 R2 SP1: June 11, 2024
KB5039339: Servicing stack update for Windows Server 2008 R2 SP1: June 11, 2024 __ **End of support information ** As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version...
6.9AI Score
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127. Notes Author| Note ---|--- tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine mdeslaur | starting with...
6.3AI Score
0.0004EPSS
If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec-* headers, meaning there is the potential for incorrect...
6.4AI Score
0.0004EPSS
In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox < 127. Notes Author| Note ---|---.....
6AI Score
0.0004EPSS
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127. Notes Author| Note ---|--- tyhicks | mozjs contains a....
6.5AI Score
0.0004EPSS
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 127.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-25 advisory. If a specific sequence of actions is performed when opening a new tab, the triggering principal...
7.9AI Score
0.0004EPSS
By manipulating the text in an <input> tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Notes Author| Note ---|--- tyhicks | mozjs contains a copy of...
5.5AI Score
0.0004EPSS
Adobe Experience Manager 6.5.0 < 6.5.21 Multiple Vulnerabilities (APSB24-28)
The version of Adobe Experience Manager installed on the remote host is prior to 6.5.21. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-28 advisory. Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query ...
9.8CVSS
7.1AI Score
EPSS