72 matches found
MiracleLinux 9 : thunderbird-102.6.0-2.el9.ML.1 (AXSA:2023-5063:07)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5063:07 advisory. Mozilla: Arbitrary file read from a compromised content process CVE-2022-46872 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbir...
Linux Distros Unpatched Vulnerability : CVE-2022-46878
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of the...
Amazon Linux 2 : firefox (ALASFIREFOX-2023-008)
The version of firefox installed on the remote host is prior to 102.6.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-008 advisory. The Mozilla Foundation Security Advisory describes this flaw as: An attacker who compromised a content process cou...
Security Bulletin: Due to use of Mozilla Firefox, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities.
Summary Mozilla Firefox ESR is used by IBM Cloud Pak for Multicloud Management Monitoring as part of the selenium scripts / tests agent. Vulnerability Details CVEID:CVE-2023-29539 DESCRIPTION: Mozilla Firefox could allow a remote attacker to download arbitrary files, caused by the truncation of...
GLSA-202305-06 : Mozilla Firefox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-06 Mozilla Firefox: Multiple Vulnerabilities - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox This bug only affects Thunderbird for Linux...
Rocky Linux 8 : firefox (RLSA-2022:9067)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:9067 advisory. - A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox This bug only affects...
Ubuntu: Security Advisory (USN-5782-3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5782-3: Firefox regressions
USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use th...
USN-5782-2 firefox regressions
USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use th...
Security fix for the ALT Linux 10 package thunderbird version 102.6.0-alt1
102.6.0-alt1 built Dec. 23, 2022 Pavel Vasenkov in task 311857 Dec. 16, 2022 Pavel Vasenkov - New version. - Security fixes: + CVE-2022-46880 Use-after-free in WebGL + CVE-2022-46872 Arbitrary file read from a compromised content process + CVE-2022-46881 Memory corruption in WebGL + CVE-2022-4687...
CVE-2022-46878
CVE-2022-46878 corresponds to memory-safety bugs reported in Thunderbird 102.5 with some cases involving memory corruption; affected products include Firefox < 108, Firefox ESR < 102.6, and Thunderbird
CVE-2022-46878
Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
CVE-2022-46878
Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2022:4579-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4579-1 advisory. Update to version 102.6 bsc1206242: - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872:...
SUSE: Security Advisory (SUSE-SU-2022:4579-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2022-0476)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-5303-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated firefox packages fix security vulnerability
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2022:9079)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:9079-1 advisory. - Mozilla: Arbitrary file read from a compromised content process CVE-2022-46872 - Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and...
Mozilla Firefox ESR Security Advisories (MFSA2022-51, MFSA2022-53) - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...