48 matches found
MiracleLinux 8 : firefox-102.10.0-1.el8.ML.1 (AXSA:2023-5298:15)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5298:15 advisory. MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp Mozilla: Fullscreen notification obscured CVE-2023-29533 Mozilla: Potential Memory Corruption...
CentOS 8 : thunderbird (CESA-2023:1802)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1802 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted...
Security Bulletin: Due to use of Mozilla Firefox, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities.
Summary Mozilla Firefox ESR is used by IBM Cloud Pak for Multicloud Management Monitoring as part of the selenium scripts / tests agent. Vulnerability Details CVEID:CVE-2023-29539 DESCRIPTION: Mozilla Firefox could allow a remote attacker to download arbitrary files, caused by the truncation of...
CVE-2023-29539
creationtimestamp| type| source ---|---|--- 2023-06-02 20:36:34+00:00| seen| https://t.me/cibsecurity/64901...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
CVE-2023-29539
Concrete details found: CVE-2023-29539 (Content-Disposition filename truncation on NULL) affects Firefox family and Thunderbird; root cause is NULL character in filename causing truncation and potential Reflected File Download. Connected documents (Astra Linux bulletin, Debian/CentOS advisories) ...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
Important: thunderbird
Issue Overview: The Mozilla Foundation describes this issue as follows: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. CVE-2023-054...
Amazon Linux 2 : thunderbird (ALAS-2023-2028)
The version of thunderbird installed on the remote host is prior to 102.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2028 advisory. 2024-01-03: CVE-2023-1999 was added to this advisory. The Mozilla Foundation describes this issue as follows:OCSP...
Ubuntu: Security Advisory (USN-6010-3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Rocky Linux 8 : thunderbird (RLSA-2023:1802)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1802 advisory. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key...
CentOS 7 : thunderbird (RHSA-2023:1806)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1806 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted...
CentOS: Security Advisory for firefox (CESA-2023:1791)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-3400-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AlmaLinux 9 : firefox (ALSA-2023:1786)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:1786 advisory. - Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. CVE-2023-1945 - A website...
Oracle Linux 8 : thunderbird (ELSA-2023-1802)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-1802 advisory. 102.10.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.10.0-2 - Update to 102.10.0 build2 102.10.0-...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
RHEL 8 : thunderbird (RHSA-2023:1802)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1802 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fixes:...