chromium -- multiple security fixes

Chrome Releases reports: This update includes 17 security fixes: 1484394 High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19 1504936 High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane rebane2001 on 2023-11-24 1496250 Medium...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome version 121.0.6167.85 and earlier versions, which stems from an insufficient policy enforcement issue in the DevTools module. An attacker can exploit this vulnerability to bypa...

CVE-2024-0751

A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...

Mozilla Thunderbird < 115.7

The version of Thunderbird installed on the remote Windows host is prior to 115.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-04 advisory. - Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed...

Mozilla Thunderbird < 115.7

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-04 advisory. - Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs...

Mozilla Firefox ESR < 115.7

The version of Firefox ESR installed on the remote Windows host is prior to 115.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-02 advisory. - Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed...

Mozilla Firefox < 122.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 122.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-01 advisory. - Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs show...

Security Vulnerabilities fixed in Firefox ESR 115.7 — Mozilla

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after...

Security Vulnerabilities fixed in Firefox 122 — Mozilla

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after...

Security Vulnerabilities fixed in Thunderbird 115.7 — Mozilla

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after...

SUSE CVE-2022-4955

Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

Fedora: Security Advisory for gst-devtools (FEDORA-2023-7bd66f219f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: gst-devtools-1.22.7-1.fc38

Development and debugging tools for GStreamer...

Fedora: Security Advisory for gst-devtools (FEDORA-2023-1661e0af22)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 39 : gst-devtools / gstreamer1 / gstreamer1-doc / python-gstreamer1 (2023-1661e0af22)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-1661e0af22 advisory. Fixes for GStreamer-SA-2023-0010 ZDI-CAN-22299 and GStreamer-SA-2023-0009 ZDI-CAN-22226 CVE-2023-44429 Tenable has extracted the preceding description block...

Fedora 39 : chromium (2023-0b39dc9302)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0b39dc9302 advisory. update to 118.0.5993.117. Security release for CVE-2023-5472 ---- Update to 118.0.5993.88 ---- Update to 118.0.5993.70. Include following security...

openSUSE 15 Security Update : opera (openSUSE-SU-2023:0338-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0338-1 advisory. - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a...

The vulnerability of the DevTools set of tools for web development in the Mozilla Firefox browser and the Thunderbird email client allows a hacker to execute arbitrary commands.

The vulnerability of the DevTools suite for web development in the Mozilla Firefox browser and Thunderbird email client is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2023-5718

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...

CVE-2023-5718

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...