XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX Security Vulnerabilities

RHEL 8 : thunderbird (RHSA-2022:0853)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0853 advisory. thunderbird: Crafted email could trigger an out-of-bounds write (CVE-2022-0566) expat: Malformed 2- and 3-byte UTF-8 sequences can lead...

RHEL 8 : thunderbird (RHSA-2022:0847)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0847 advisory. thunderbird: Crafted email could trigger an out-of-bounds write (CVE-2022-0566) expat: Malformed 2- and 3-byte UTF-8 sequences can lead...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2022:0850)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0850-1 advisory. Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) ...

Security fix for the ALT Linux 10 package thunderbird version 91.6.2-alt1

91.6.2-alt1 built March 15, 2022 Pavel Vasenkov in task #296375 March 8, 2022 Pavel Vasenkov - New version. - Security fixes: + CVE-2022-26485 Use-after-free in XSLT parameter processing + CVE-2022-26486 Use-after-free in WebGPU IPC...

(RHSA-2022:0853) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...

(RHSA-2022:0850) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...

(RHSA-2022:0847) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This...

(RHSA-2022:0845) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...

(RHSA-2022:0843) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...

Oracle Linux 8 : thunderbird (ELSA-2022-0845)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0845 advisory. xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in...

RHEL 7 : thunderbird (RHSA-2022:0850)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0850 advisory. thunderbird: Crafted email could trigger an out-of-bounds write (CVE-2022-0566) expat: Malformed 2- and 3-byte UTF-8 sequences can lead...

Oracle Linux 7 : thunderbird (ELSA-2022-0850)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0850 advisory. xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in...

RHEL 8 : thunderbird (RHSA-2022:0843)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0843 advisory. thunderbird: Crafted email could trigger an out-of-bounds write (CVE-2022-0566) expat: Malformed 2- and 3-byte UTF-8 sequences can lead...

RHEL 7 : firefox (RHSA-2022:0824)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0824 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) expat: Namespace-separator...

Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2022:0824)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0824-1 advisory. Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) ...

SUSE: Security Advisory (SUSE-SU-2022:14906-1)

The remote host is missing an update for...

Oracle Linux 7 : firefox (ELSA-2022-0824)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0824 advisory. xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in...

Oracle Linux 8 : firefox (ELSA-2022-0818)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0818 advisory. xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in...

SUSE: Security Advisory (SUSE-SU-2022:0804-1)

The remote host is missing an update for...

RHEL 8 : firefox (RHSA-2022:0816)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0816 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) expat: Namespace-separator...

Security fix for the ALT Linux 10 package firefox-esr version 91.6.1-alt1

91.6.1-alt1 built March 11, 2022 Pavel Vasenkov in task #296362 March 7, 2022 Pavel Vasenkov - New ESR version. - Security fixes: + CVE-2022-26485 Use-after-free in XSLT parameter processing + CVE-2022-26486 Use-after-free in WebGPU IPC...

RHEL 8 : firefox (RHSA-2022:0815)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0815 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) expat: Namespace-separator...

RHEL 8 : firefox (RHSA-2022:0818)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0818 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) expat: Namespace-separator...

RHEL 8 : firefox (RHSA-2022:0817)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0817 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) expat: Namespace-separator...

(RHSA-2022:0824) Critical: firefox security and bug fix update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...

(RHSA-2022:0818) Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...

Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...

Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...

firefox security update

An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...

(RHSA-2022:0817) Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...

(RHSA-2022:0816) Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...

(RHSA-2022:0815) Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...

SUSE: Security Advisory (SUSE-SU-2022:0783-1)

The remote host is missing an update for...

openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2022:0783-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0783-1 advisory. Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:0783-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0783-1 advisory. Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have...

Security update for MozillaThunderbird (important)

An update that fixes two vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 91.6.2 (bsc#1196809): CVE-2022-26485: Use-after-free in XSLT parameter processing CVE-2022-26486: Use-after-free in WebGPU IPC Framework ...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:0778-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0778-1 advisory. Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks...

SUSE: Security Advisory (SUSE-SU-2022:0777-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2022:0778-1)

The remote host is missing an update for...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2022:0777-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0777-1 advisory. Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks...

Debian DSA-5094-1 : thunderbird - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5094 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the...

Mageia: Security Advisory (MGASA-2022-0094)

The remote host is missing an update for...

Debian DLA-2939-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2939 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild...

Security update for MozillaFirefox (important)

An update that fixes two vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): CVE-2022-26485: Use-after-free in XSLT parameter processing CVE-2022-26486: Use-after-free in WebGPU IPC...

Updated thunderbird packages fix security vulnerabilities

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free (CVE-2022-26485). An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape...