Debian DSA-5464-1 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5464 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the...

AlmaLinux 9 : firefox (ALSA-2023:4462)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4462 advisory. - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of...

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-216-01)

The version of mozilla-firefox installed on the remote host is prior to 115.1.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-216-01 advisory. - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image dat...

AlmaLinux 8 : firefox (ALSA-2023:4468)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:4468 advisory. - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of...

Fedora 37 : firefox (2023-a4e8720e0f)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a4e8720e0f advisory. - Updated to latest upstream 116.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

Mozilla: Crash in DOMParser due to out-of-memory conditions

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations...

Mozilla: Incorrect value used during WASM compilation

The Mozilla Foundation Security Advisory describes this flaw as: In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process...

Mozilla: Incorrect value used during WASM compilation

The Mozilla Foundation Security Advisory describes this flaw as: In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process...

Mozilla: Crash in DOMParser due to out-of-memory conditions

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations...

2022 Top Routinely Exploited Vulnerabilities

SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory CSA: United States: The Cybersecurity and Infrastructure Security Agency CISA, National Security Agency NSA, and Federal Bureau of Investigation FBI Australia: Australian Signals Directorate’s Australian Cyb...

Mitsubishi Electric GT and GOT Series Products

1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Mitsubishi Electric ​Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 ​Vulnerability: Weak Encoding for Password 2. RISK EVALUATION ​Successful exploitation of this...

Mitsubishi Electric GOT2000 and GOT SIMPLE

1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: Mitsubishi Electric ​Equipment: GOT2000 Series and GOT SIMPLE Series ​Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2023:3161-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3161-1 advisory. - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site ...

Mozilla Firefox and Firefox ESR Denial of Service Vulnerability (CNVD-2023-68212)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox ESR is Firefox Enterprise Edition. A denial of service vulnerability exists in Mozilla Firefox and Mozilla Firefox ESR that stems from incorrect values used during WASM compilation. An attacker c...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2023:3162-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3162-1 advisory. - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to...

Mozilla Firefox and Firefox ESR Buffer Overflow Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox ESR is Firefox Enterprise Edition. Mozilla Firefox and Mozilla Firefox ESR suffer from a buffer overflow vulnerability that stems from the fact that, under certain circumstances, untrusted input...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2023:3163-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3163-1 advisory. - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site ...

CVE-2023-4050

The Mozilla Foundation Security Advisory describes this flaw as: In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape...

CVE-2023-4048

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations...

CVE-2023-4046

The Mozilla Foundation Security Advisory describes this flaw as: In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process...