An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

...

Linux Distros Unpatched Vulnerability : CVE-2024-2605

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows...

Malicious code in typescript-error-reporter-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94ae0fc6c94bf4a0b84cd232b32cd4e5e36d035e62b1dea57e7c41d39d2c2406 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-9256 Malicious code in typescript-error-reporter-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94ae0fc6c94bf4a0b84cd232b32cd4e5e36d035e62b1dea57e7c41d39d2c2406 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

ROS-20240820-01

The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to the use of memory after its release. memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code using a specially crafted w...

Fedora 40 : thunderbird (2024-fc2ae12c31)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fc2ae12c31 advisory. Update to 115.9.0 https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/ https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/...

Arbitrary Code Execution

Firefox, Firefox ESR, Thunderbird are vulnerable to an Arbitrary Code Execution vulnerability. The vulnerability is due to leveraging the Windows Error Reporter to run arbitrary code, escaping the sandbox...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2024:1147-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1147-1 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attac...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:1002-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1002-1 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attac...

Fedora 38 : thunderbird (2024-5d080305ab)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5d080305ab advisory. Update to 115.9.0 https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/ https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:0971-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0971-1 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attack...

CVE-2024-2605

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected...

SUSE CVE-2024-2605

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...

Code execution vulnerability in multiple Mozilla products (CNVD-2024-14974)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products that...

Fedora 38 : firefox (2024-7e71e9eaba)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7e71e9eaba advisory. - Updated to 124.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

Fedora 39 : firefox (2024-113454b56b)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-113454b56b advisory. - Updated to 124.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

CVE-2024-2605

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...

CVE-2024-2605

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...

CVE-2024-2605

CVE-2024-2605 affects Firefox and related Mozilla products on Windows, where the Windows Error Reporter can be abused as a sandbox escape to run arbitrary code. The description states affected versions: Firefox &lt; 124, Firefox ESR &lt; 115.9, and Thunderbird

CVE-2024-2605

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...