CentOS 8 : thunderbird (CESA-2024:0964)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:0964 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read...

BIT-MATTERMOST-2023-49607

Mattermost fails to validate the type of the "reminder" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog...

March 5, 2024, update for Office 2016 (KB5002466)

March 5, 2024, update for Office 2016 KB5002466 This article describes update 5002466 for Microsoft Office 2016 that was released on March 5, 2024.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to th...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6669-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6669-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsin...

Debian dla-3747 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3747 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3747-1 [email protected]...

Important: thunderbird

Issue Overview: When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. CVE-2024-1546 Through a series of API calls and...

Mozilla Firefox Security Bypass Vulnerability (CNVD-2024-12549)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which can be exploited by attackers to obscure privilege dialog boxes...

Multiple Mozilla Product Spoofing Vulnerabilities (CNVD-2025-01193)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

thunderbird security update

CentOS Errata and Security Advisory CESA-2024:0957 An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

PortlandLabs Concrete CMS Security Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A security vulnerability exists in Concrete prior to version 9.2.3, which stems from a cross-site request forgery attack via ccm/system/dialogs/file/delete/1/submit...

The vulnerability in the implementation of the browser application interfaces of Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to display an alertdialog on a different website.

The vulnerability in the implementation of the browser application interfaces of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to an incorrect limitation on the number of user interface layers or frames that can be displayed. Exploiting this vulnerability allows a...

AlmaLinux 8 : firefox (ALSA-2024:0955)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0955 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Thi...

AlmaLinux 9 : firefox (ALSA-2024:0952)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0952 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Thi...

MGASA-2024-0050 Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by select element. CVE-2024-1548 Custom cursor could obscure the...

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by select element. CVE-2024-1548 Custom cursor could obscure the...

Updated rootcerts, nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Timing attack against RSA decryption in TLS. CVE-2023-5388 Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by selec...

MGASA-2024-0049 Updated rootcerts, nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Timing attack against RSA decryption in TLS. CVE-2023-5388 Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by selec...

Oracle Linux 8 : thunderbird (ELSA-2024-0964)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0964 advisory. 115.8.0-1.0.1 - Add Oracle modifications 115.8.0-1 - Update to 115.8.0 build1 Tenable has extracted the preceding description block directly from the...

Oracle Linux 8 : firefox (ELSA-2024-0955)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0955 advisory. 115.8.0-1.0.1 - Update to 115.8.0 build 1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

Oracle Linux 9 : thunderbird (ELSA-2024-0963)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0963 advisory. 115.8.0-1.0.1 - Add Oracle modifications 115.8.0-1 - Update to 115.8.0 build1 Tenable has extracted the preceding description block directly from the...