Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Oracle Linux 8 : thunderbird (ELSA-2023-1403)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-1403 advisory. 102.9.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.9.0-1 - Update to 102.9.0 build1 Tenable has...

ALSA-2023:1407 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0. Security Fixes: Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 CVE-2023-28176 Mozill...

Mozilla: Incorrect code generation during JIT compilation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of invalidating JIT code while following an iterator. The newly generated code could be overwritten incorrectly, leading to a potentially exploitable crash...

AlmaLinux 9 : firefox (ALSA-2023:1337)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:1337 advisory. - Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 - Mozilla: Potential out-of-bounds when accessing throttled streams...

AlmaLinux 8 : firefox (ALSA-2023:1336)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:1336 advisory. - Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 - Mozilla: Potential out-of-bounds when accessing throttled streams...

Mozilla: Incorrect code generation during JIT compilation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of invalidating JIT code while following an iterator. The newly generated code could be overwritten incorrectly, leading to a potentially exploitable crash...

ALSA-2023:1337 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR. Security Fixes: Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefo...

SUSE-SU-2023:0763-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to version 102.9.0 ESR bsc1209173: - CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android - CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android -...

Mozilla Firefox Security Advisory (MFSA2023-09) - Linux

The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2023-09. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

PT-2023-1753 · Microsoft · Windows Resilient File System +1

Name of the Vulnerable Software and Affected Versions: Windows Resilient File System ReFS affected versions not specified Description: The issue is related to errors in code generation management in the Windows Resilient File System ReFS. It allows an attacker to potentially elevate privileges in...

ChatGPT: A tool for offensive cyber operations?! Not so fast!

ChatGPT: A tool for offensive cyber operations?! Not so fast! By Trellix · March 09, 2023 This story was also written by John Rodriguez. To ChatGPT or to not ChatGPT? That is a predominant question in the cyber landscape these days. It’s no surprise that AI bots have taken society by storm. On th...

CVE-2023-27477

wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x8664 platforms for the WebAssembly i8x16.select instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indice...

Code injection

wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x8664 platforms for the WebAssembly i8x16.select instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indice...

CVE-2023-27477

wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x8664 platforms for the WebAssembly i8x16.select instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indice...

SUSE CVE-2009-1102

Unspecified vulnerability in the Virtual Machine in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."...

SUSE CVE-2016-5397

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

SUSE CVE-2017-11671

Under certain circumstances, the ix86expandbuiltin function in i386.c in GNU Compiler Collection GCC version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially...

SUSE CVE-2019-3695

A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...

PT-2023-1397 · Microsoft · Azure Devops Server

Name of the Vulnerable Software and Affected Versions: Azure DevOps Server affected versions not specified Description: The issue is related to incorrect code generation management in Azure DevOps Server, which can be exploited by a remote attacker to execute arbitrary code. Recommendations: At t...