RHEL 8 : thunderbird (RHSA-2022:0853)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0853 advisory. thunderbird: Crafted email could trigger an out-of-bounds write (CVE-2022-0566) expat: Malformed 2- and 3-byte UTF-8 sequences can lead...
9.8CVSS
9.5AI Score
0.035EPSS
RHEL 8 : thunderbird (RHSA-2022:0847)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0847 advisory. thunderbird: Crafted email could trigger an out-of-bounds write (CVE-2022-0566) expat: Malformed 2- and 3-byte UTF-8 sequences can lead...
9.8CVSS
9.5AI Score
0.035EPSS
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2022:0850)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0850-1 advisory. Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) ...
9.8CVSS
9.5AI Score
0.035EPSS
Security fix for the ALT Linux 10 package thunderbird version 91.6.2-alt1
91.6.2-alt1 built March 15, 2022 Pavel Vasenkov in task #296375 March 8, 2022 Pavel Vasenkov - New version. - Security fixes: + CVE-2022-26485 Use-after-free in XSLT parameter processing + CVE-2022-26486 Use-after-free in WebGPU IPC...
9.6CVSS
8.9AI Score
0.01EPSS
(RHSA-2022:0853) Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...
3.8AI Score
0.035EPSS
(RHSA-2022:0850) Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...
3.8AI Score
0.035EPSS
(RHSA-2022:0847) Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...
3.8AI Score
0.035EPSS
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...
9.8CVSS
9.3AI Score
0.035EPSS
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...
9.8CVSS
8.5AI Score
0.035EPSS
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This...
9.8CVSS
9.2AI Score
0.035EPSS
(RHSA-2022:0845) Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...
3.8AI Score
0.035EPSS
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...
9.8CVSS
8.5AI Score
0.035EPSS
(RHSA-2022:0843) Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) expat: Malformed 2- and...
3.8AI Score
0.035EPSS
Oracle Linux 8 : thunderbird (ELSA-2022-0845)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0845 advisory. xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in...
9.8CVSS
9.3AI Score
0.035EPSS
RHEL 7 : thunderbird (RHSA-2022:0850)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0850 advisory. thunderbird: Crafted email could trigger an out-of-bounds write (CVE-2022-0566) expat: Malformed 2- and 3-byte UTF-8 sequences can lead...
9.8CVSS
9.5AI Score
0.035EPSS
Oracle Linux 7 : thunderbird (ELSA-2022-0850)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0850 advisory. xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in...
9.8CVSS
9.3AI Score
0.035EPSS
RHEL 8 : thunderbird (RHSA-2022:0843)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0843 advisory. thunderbird: Crafted email could trigger an out-of-bounds write (CVE-2022-0566) expat: Malformed 2- and 3-byte UTF-8 sequences can lead...
9.8CVSS
9.5AI Score
0.035EPSS
RHEL 7 : firefox (RHSA-2022:0824)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0824 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) expat: Namespace-separator...
9.8CVSS
9.4AI Score
0.035EPSS
Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2022:0824)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0824-1 advisory. Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) ...
9.8CVSS
9.5AI Score
0.035EPSS
9.6CVSS
7.9AI Score
0.01EPSS
Oracle Linux 7 : firefox (ELSA-2022-0824)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0824 advisory. xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in...
9.8CVSS
9.1AI Score
0.035EPSS
Oracle Linux 8 : firefox (ELSA-2022-0818)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0818 advisory. xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in...
9.8CVSS
9.1AI Score
0.035EPSS
9.6CVSS
9.5AI Score
0.01EPSS
RHEL 8 : firefox (RHSA-2022:0816)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0816 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) expat: Namespace-separator...
9.8CVSS
9.4AI Score
0.035EPSS
Security fix for the ALT Linux 10 package firefox-esr version 91.6.1-alt1
91.6.1-alt1 built March 11, 2022 Pavel Vasenkov in task #296362 March 7, 2022 Pavel Vasenkov - New ESR version. - Security fixes: + CVE-2022-26485 Use-after-free in XSLT parameter processing + CVE-2022-26486 Use-after-free in WebGPU IPC...
9.6CVSS
8.9AI Score
0.01EPSS
RHEL 8 : firefox (RHSA-2022:0815)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0815 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) expat: Namespace-separator...
9.8CVSS
9.4AI Score
0.035EPSS
RHEL 8 : firefox (RHSA-2022:0818)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0818 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) expat: Namespace-separator...
9.8CVSS
9.4AI Score
0.035EPSS
RHEL 8 : firefox (RHSA-2022:0817)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0817 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) expat: Namespace-separator...
9.8CVSS
9.4AI Score
0.035EPSS
(RHSA-2022:0824) Critical: firefox security and bug fix update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...
3.5AI Score
0.035EPSS
(RHSA-2022:0818) Critical: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...
3.8AI Score
0.035EPSS
Critical: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...
9.8CVSS
10AI Score
0.035EPSS
Critical: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...
9.8CVSS
10AI Score
0.035EPSS
An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...
9.8CVSS
9.2AI Score
0.035EPSS
Critical: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...
9.8CVSS
9.3AI Score
0.035EPSS
(RHSA-2022:0817) Critical: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...
3.8AI Score
0.035EPSS
(RHSA-2022:0816) Critical: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...
3.8AI Score
0.035EPSS
(RHSA-2022:0815) Critical: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) Mozilla: Use-after-free in WebGPU IPC...
3.8AI Score
0.035EPSS
9.6CVSS
9.5AI Score
0.01EPSS
openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2022:0783-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0783-1 advisory. Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the...
9.6CVSS
9.2AI Score
0.01EPSS
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:0783-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0783-1 advisory. Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have...
9.6CVSS
8.9AI Score
0.01EPSS
Security update for MozillaThunderbird (important)
An update that fixes two vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 91.6.2 (bsc#1196809): CVE-2022-26485: Use-after-free in XSLT parameter processing CVE-2022-26486: Use-after-free in WebGPU IPC Framework ...
1.5AI Score
0.01EPSS
SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:0778-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0778-1 advisory. Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks...
9.6CVSS
8.9AI Score
0.01EPSS
9.6CVSS
9.5AI Score
0.01EPSS
9.6CVSS
9.5AI Score
0.01EPSS
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2022:0777-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0777-1 advisory. Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks...
9.6CVSS
8.9AI Score
0.01EPSS
Debian DSA-5094-1 : thunderbird - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5094 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the...
9.6CVSS
8.9AI Score
0.01EPSS
9.6CVSS
9.5AI Score
0.01EPSS
Debian DLA-2939-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2939 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild...
9.6CVSS
8.9AI Score
0.01EPSS
Security update for MozillaFirefox (important)
An update that fixes two vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): CVE-2022-26485: Use-after-free in XSLT parameter processing CVE-2022-26486: Use-after-free in WebGPU IPC...
1.1AI Score
0.01EPSS
Updated thunderbird packages fix security vulnerabilities
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free (CVE-2022-26485). An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape...
9.6CVSS
1.5AI Score
0.01EPSS