RHEL 8 : thunderbird (RHSA-2020:0292)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0292 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Security Fixes: Mozilla:...

Mozilla: CSS sanitization does not escape HTML tags

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

Mozilla: Bypass of @namespace CSS sanitization during pasting

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

Mozilla: CSS sanitization does not escape HTML tags

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

OPENSUSE-SU-2020:0094-1 Security update for MozillaThunderbird

This update for MozillaThunderbird to version 68.4.1 fixes the following issues: Security issues fixed: - CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement - CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting - CVE-2019-17017: Type Confusion...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2020:0094-1 Rating: important References: 1160305 1160498 Cross-References: CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 Affected Products:...

SUSE-SU-2020:0142-1 Security update for MozillaThunderbird

This update for MozillaThunderbird to version 68.4.1 fixes the following issues: Security issues fixed: - CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement - CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting - CVE-2019-17017: Type Confusion...

RHEL 8 : thunderbird (RHSA-2020:0127)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0127 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Security Fixes: Mozilla:...

RHEL 6 : thunderbird (RHSA-2020:0123)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0123 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Security Fixes: Mozilla:...

RHEL 7 : thunderbird (RHSA-2020:0120)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0120 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Security Fixes: Mozilla:...

Mozilla: CSS sanitization does not escape HTML tags

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Mozilla: Bypass of @namespace CSS sanitization during pasting

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

OPENSUSE-SU-2020:0060-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR Fixed: Security fix MFSA 2020-03 bsc1160498 CVE-2019-17026 bmo1607443 IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR Fixe...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0078-1)

This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 68.4.1 ESR - Fixed: Security fix MFSA 2020-03 bsc1160498 - CVE-2019-17026 bmo1607443 IonMonkey type confusion with StoreElementHole and FallibleStoreElement Firefox Extended Support Release 68.4.0 ESR -...

RHEL 8 : firefox (RHSA-2020:0111)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0111 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

RHEL 7 : firefox (RHSA-2020:0085)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0085 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200113)

This update upgrades Firefox to version 68.4.1 ESR. Security Fixes : - Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement CVE-2019-17026 - Mozilla: Bypass of @namespace CSS sanitization during pasting CVE-2019-17016 - Mozilla: Type Confusion in XPCVariant.cpp...

Scientific Linux Security Update : firefox on SL7.x x86_64 (20200113)

This update upgrades Firefox to version 68.4.1 ESR. Security Fixes : - Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement CVE-2019-17026 - Mozilla: Bypass of @namespace CSS sanitization during pasting CVE-2019-17016 - Mozilla: Type Confusion in XPCVariant.cpp...

CentOS Update for firefox CESA-2020:0086 centos6

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...