XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX Security Vulnerabilities

(RHSA-2023:4955) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) Mozilla: Memory...

(RHSA-2023:4954) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) Mozilla: Memory...

(RHSA-2023:4952) Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC...

(RHSA-2023:4951) Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC...

(RHSA-2023:4950) Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC...

(RHSA-2023:4949) Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC...

(RHSA-2023:4948) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) Mozilla: Memory...

(RHSA-2023:4947) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) Mozilla: Memory...

(RHSA-2023:4946) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) Mozilla: Memory...

(RHSA-2023:4945) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) Mozilla: Memory...

RHEL 8 : firefox (RHSA-2023:4949)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4949 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

RHEL 8 : thunderbird (RHSA-2023:4956)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4956 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

RHEL 8 : thunderbird (RHSA-2023:4946)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4946 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

RHEL 8 : firefox (RHSA-2023:4952)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4952 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

RHEL 7 : thunderbird (RHSA-2023:4945)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4945 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) Mozilla: Memory...

Mozilla Firefox Security Advisory (MFSA2023-34) - Linux

This host is missing a security update for Mozilla...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) Mozilla: Memory...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) Mozilla: Memory...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC...

RHEL 8 : firefox (RHSA-2023:4951)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4951 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) Mozilla: Memory...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC...

RHEL 8 : thunderbird (RHSA-2023:4948)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4948 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

RHEL 8 : thunderbird (RHSA-2023:4954)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4954 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

RHEL 9 : thunderbird (RHSA-2023:4955)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4955 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

RHEL 9 : thunderbird (RHSA-2023:4947)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4947 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

RHEL 9 : firefox (RHSA-2023:4958)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4958 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

RHEL 8 : firefox (RHSA-2023:4959)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4959 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

RHEL 8 : firefox (RHSA-2023:4957)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4957 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

RHEL 9 : firefox (RHSA-2023:4950)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4950 advisory. Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) Mozilla: Full screen notification obscured by external...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix(es): Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) Mozilla: Memory corruption in IPC...

Use After Free

Firefox is vulnerable to Use After Free. The vulnerability exists when creating a callback over IPC for showing the File Picker window, which leads to memory corruption, allowing an attacker to cause an application crash by creating multiple of the same...

Use After Free

Firefox is vulnerable to Use After Free. The vulnerability exists when creating a callback over IPC for showing the Color Picker window, which leads to memory corruption, allowing an attacker to cause an application crash by creating multiple of the same...

Use After Free

Firefox is vulnerable to Use After Free. The vulnerability exists when receiving rendering data over IPC mStream, which leads to memory corruption, allowing an attacker to cause an application...

Fedora 37 : firefox (2023-80549d73b9)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-80549d73b9 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a...

Fedora 38 : firefox (2023-c679c55cf8)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c679c55cf8 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a...

Security Bulletin: Due to use of Mozilla Firefox, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities.

Summary Mozilla Firefox ESR is used by IBM Cloud Pak for Multicloud Management Monitoring as part of the selenium scripts / tests agent. Vulnerability Details ** CVEID: CVE-2023-29539 DESCRIPTION: **Mozilla Firefox could allow a remote attacker to download arbitrary files, caused by the...

Mozilla Thunderbird < 102.15

The version of Thunderbird installed on the remote Windows host is prior to 102.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-37 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have...

Mozilla Thunderbird < 115.2

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-38 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which...

Mozilla Thunderbird < 115.2

The version of Thunderbird installed on the remote Windows host is prior to 115.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-38 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led...

Mozilla Thunderbird < 102.15

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-37 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which...

CVE-2023-4574

The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could.....

CVE-2023-4575

The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could...

CVE-2023-4573

The Mozilla Foundation Security Advisory describes this flaw as: When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable...

Mozilla Firefox Security Advisories (MFSA2023-32, MFSA2023-36) - Mac OS X

Mozilla Firefox is prone to multiple...

CVE-2023-4573

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox &lt; 117, Firefox ESR &lt; 102.15, Firefox ESR &lt; 115.2, Thunderbird &lt; 102.15, and Thu...

Mozilla Firefox Security Advisories (MFSA2023-32, MFSA2023-36) - Windows

Mozilla Firefox is prone to multiple...

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6320-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6320-1 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a...