MiracleLinux 8 : thunderbird-102.7.1-1.el8.ML.1 (AXSA:2023-4905:03)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4905:03 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...

MiracleLinux 9 : thunderbird-102.7.1-1.el9.ML.1 (AXSA:2023-5071:08)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5071:08 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...

MiracleLinux 9 : firefox-102.7.0-1.el9.ML.1 (AXSA:2023-5064:08)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5064:08 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...

CVE-2025-23602

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Reflected XSS.This issue affects EELV Newsletter: from n/a through = 4.8.2...

Linux Distros Unpatched Vulnerability : CVE-2023-23602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to...

TencentOS Server 3: firefox (TSSA-2023:0188)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0188 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2025-23602 WordPress EELV Newsletter plugin <= 4.8.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Reflected XSS.This issue affects EELV Newsletter: from n/a through = 4.8.2...

CVE-2025-23602 WordPress EELV Newsletter plugin <= 4.8.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Reflected XSS.This issue affects EELV Newsletter: from n/a through = 4.8.2...

OESA-2024-2058 mozjs78 security update

SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. Security Fixes: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security...

CentOS 8 : thunderbird (CESA-2023:0463)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:0463 advisory. - Mozilla: libusrsctp library out of date CVE-2022-46871 - Mozilla: Fullscreen notification bypass CVE-2022-46877 - Mozilla: Arbitrary file read from G...

CentOS 8 : firefox (CESA-2023:0288)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:0288 advisory. - Mozilla: libusrsctp library out of date CVE-2022-46871 - Mozilla: Fullscreen notification bypass CVE-2022-46877 - Mozilla: Arbitrary file read from G...

Rocky Linux 9 : thunderbird (RLSA-2023:0476)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0476 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox...

Rocky Linux 8 : firefox (RLSA-2023:0288)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0288 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox...

Rocky Linux 8 : thunderbird (RLSA-2023:0463)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0463 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox...

CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

CVE-2023-23602

CVE-2023-23602 describes a mishandled security check when creating a WebSocket in a WebWorker, causing the Content Security Policy connect-src header to be ignored. Affected products in the provided sources include Firefox (versions before 109), Firefox ESR (before 102.7), and Thunderbird (before...

Mageia: Security Advisory (MGASA-2023-0034)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox ESR have affected APM Synthetic Playback Agent

Summary APM Synthetic Playback Agent is vulnerable to Firefox ESR CVE-2023-23599, CVE-2023-23603, CVE-2023-23605, CVE-2023-23602, CVE-2023-23601, CVE-2023-23598. Firefox ESR is used by APM Synthetic Playback Agent for running the selenium scripts. The fix includes support for Firefox 102.7 ESR...

Security fix for the ALT Linux 10 package firefox-esr version 102.7.0-alt1

102.7.0-alt1 built Feb. 21, 2023 Pavel Vasenkov in task 315243 Jan. 18, 2023 Pavel Vasenkov - New ESR version. - Security fixes + CVE-2022-46871 libusrsctp library out of date + CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux + CVE-2023-23599 Malicious command could be hidden i...