MiracleLinux 8 : thunderbird-102.7.1-1.el8.ML.1 (AXSA:2023-4905:03)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4905:03 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...

MiracleLinux 9 : thunderbird-102.7.1-1.el9.ML.1 (AXSA:2023-5071:08)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5071:08 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...

MiracleLinux 9 : firefox-102.7.0-1.el9.ML.1 (AXSA:2023-5064:08)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5064:08 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...

CVE-2025-23602

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Reflected XSS.This issue affects EELV Newsletter: from n/a through = 4.8.2...

Linux Distros Unpatched Vulnerability : CVE-2023-23602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to...

TencentOS Server 3: firefox (TSSA-2023:0188)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0188 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2025-23602 WordPress EELV Newsletter plugin <= 4.8.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Reflected XSS.This issue affects EELV Newsletter: from n/a through = 4.8.2...

CVE-2025-23602 WordPress EELV Newsletter plugin <= 4.8.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Reflected XSS.This issue affects EELV Newsletter: from n/a through = 4.8.2...

OESA-2024-2058 mozjs78 security update

SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. Security Fixes: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security...

CentOS 8 : firefox (CESA-2023:0288)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:0288 advisory. - Mozilla: libusrsctp library out of date CVE-2022-46871 - Mozilla: Fullscreen notification bypass CVE-2022-46877 - Mozilla: Arbitrary file read from G...

CentOS 8 : thunderbird (CESA-2023:0463)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:0463 advisory. - Mozilla: libusrsctp library out of date CVE-2022-46871 - Mozilla: Fullscreen notification bypass CVE-2022-46877 - Mozilla: Arbitrary file read from G...

Rocky Linux 9 : thunderbird (RLSA-2023:0476)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0476 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox...

Rocky Linux 8 : firefox (RLSA-2023:0288)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0288 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox...

Rocky Linux 8 : thunderbird (RLSA-2023:0463)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0463 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox...

CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

CVE-2023-23602

CVE-2023-23602 describes a mishandled security check when creating a WebSocket in a WebWorker, causing the Content Security Policy connect-src header to be ignored. Affected products in the provided sources include Firefox (versions before 109), Firefox ESR (before 102.7), and Thunderbird (before...

Mageia: Security Advisory (MGASA-2023-0034)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox ESR have affected APM Synthetic Playback Agent

Summary APM Synthetic Playback Agent is vulnerable to Firefox ESR CVE-2023-23599, CVE-2023-23603, CVE-2023-23605, CVE-2023-23602, CVE-2023-23601, CVE-2023-23598. Firefox ESR is used by APM Synthetic Playback Agent for running the selenium scripts. The fix includes support for Firefox 102.7 ESR...

Debian: Security Advisory (DLA-3324-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...