Amazon Linux 2 : thunderbird (ALAS-2019-1195)
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...
Critical: thunderbird
Issue Overview: When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default...
Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...
openSUSE Security Update : MozillaFirefox (openSUSE-2019-1056)
This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 60.6.1esr MFSA 2019-10 boo1130262 - CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information - CVE-2019-9813: Ionmonkey type confusion with proto mutations Mozilla Firefox was updated to 60.6.0e...
firefox security update
CentOS Errata and Security Advisory CESA-2019:0622 An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
firefox security update
CentOS Errata and Security Advisory CESA-2019:0623 An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Updated firefox packages fix security vulnerability
Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506). Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788). Use-after-free when removing in-use DOM elements (CVE-2019-9790). Type inference is incorrect for constructors entered through on-stack...
RHEL 6 : firefox (RHSA-2019:0623)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0623 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Scientific Linux Security Update : firefox on SL7.x x86_64 (20190320)
This update upgrades Firefox to version 60.6.0 ESR. Security Fixes: - Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788) - Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790) - Mozilla: Type inference is incorrect for constructors entered throu...
Oracle Linux 7 : firefox (ELSA-2019-0622)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-0622 advisory. 60.6.0-3.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 60.6.0-3 - Added Google API keys mozbz1531176 60.6.0-2 -...
Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...
Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...
Mozilla Firefox ESR < 60.6
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-08 advisory. - A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with th...
CVE-2018-18506
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...
CVE-2018-18506
CVE-2018-18506 is a PAC-related issue where a PAC file can cause localhost requests to be proxied. Connected documents confirm Thunderbird is affected and publicly patched: Thunderbird 60.6.1 fixes were released across AL2 (ALAS2-2019-1195), CentOS/RHEL advisories (RHSA-2019:0680/0681), and Debia...
CVE-2018-18506
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...
FreeBSD : mozilla -- multiple vulnerabilities (b1f7d52f-fc42-48e8-8403-87d4c9d26229)
Mozilla Foundation reports: CVE-2018-18500: Use-after-free parsing HTML5 stream CVE-2018-18503: Memory corruption with Audio Buffer CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer CVE-2018-18505: Privilege escalation through IPC channel messages CVE-2018-18506:...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-18500: Use-after-free parsing HTML5 stream CVE-2018-18503: Memory corruption with Audio Buffer CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer CVE-2018-18505: Privilege escalation through IPC channel messages CVE-2018-18506:...
Apache NetBeans Remote Command Execution Vulnerability
Apache NetBeans is a set of scalable open source software development tools from the Apache Software Foundation in the United States. The product supports Java, C/C++, PHP and HTML5 program development. A remote command execution vulnerability exists in the Proxy Auto-Configuration (PAC) interpretation ...
CVE-2018-17191
Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable to remote command execution (RCE). Using the Nashorn script engine, the environment of the JavaScript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent...