Oracle Linux 8 : thunderbird (ELSA-2022-5470)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-5470 advisory. 91.11.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.11.0-2 - Update to 91.11.0 build2 91.11.0-1 -...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-181-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.0 / 91.11.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-181-01 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of...

Mozilla Thunderbird < 91.11

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-26 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these...

Debian DLA-3064-1 : firefox-esr - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3064 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume...

Oracle Linux 7 : thunderbird (ELSA-2022-5480)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-5480 advisory. 91.11.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 91.11.0-2 - Update to...

Mozilla Thunderbird < 91.11

The version of Thunderbird installed on the remote Windows host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-26 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showe...

Oracle Linux 7 : firefox (ELSA-2022-5479)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-5479 advisory. 91.11.0-2.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs....

Mozilla: CSP bypass enabling stylesheet injection

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker that can inject CSS into stylesheets accessible via internal URIs, such as resources. In doing so, they can bypass a page's Content Security Policy...

Information Disclosure

Mermaid is vulnerable to information disclosure. The vulnerability exists due to a css injection into the generated graph allowing for arbitrary graph modification leading to information disclosure by querying form data by css selectors...

CVE-2022-31744

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker that can inject CSS into stylesheets accessible via internal URIs, such as resources. In doing so, they can bypass a page's Content Security Policy...

Mozilla Firefox ESR < 91.11

The version of Firefox ESR installed on the remote Windows host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-25 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101 and Firefox ESR 91.10. Some of...

Mozilla Firefox ESR < 91.11

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-25 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101 and Firefox ESR 91.10...

CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

UBUNTU-CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

CVE-2022-31108 Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

CVE-2022-31108 Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

Security Vulnerabilities fixed in Thunderbird 91.11 and Thunderbird 102 — Mozilla

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Thunderbird for Linux. Other operating systems are unaffected. Session history navigations m...

MantisBT < 2.25.5 Multiple Vulnerabilities - Windows

MantisBT is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

MantisBT < 2.25.5 Multiple Vulnerabilities - Linux

MantisBT is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2022-31744

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...