Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

firefox: thunderbird: External protocol handlers could be enumerated via popups

The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...

firefox: thunderbird: External protocol handlers could be enumerated via popups

The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...

RHEL 8 : firefox (RHSA-2024:7700)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:7700 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

ALSA-2024:7699 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: 115.16/128.3 firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service CVE-2024-9399 firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131...

RHEL 7 : firefox (RHSA-2024:7702)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:7702 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

AlmaLinux 9 : thunderbird (ALSA-2024:7552)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:7552 advisory. thunderbird: 115.16/128.3 firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service CVE-2024-9399 firefox: thunderbird...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.3.0 ESR MFSA-2024-47, bsc1230979: CVE-2024-8900: Clipboard write permission bypass CVE-2024-9392: Compromised content process can bypass site isolation CVE-2024-9393: Cross-origin access to P...

firefox: thunderbird: External protocol handlers could be enumerated via popups

The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

firefox: thunderbird: External protocol handlers could be enumerated via popups

The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...

firefox: thunderbird: External protocol handlers could be enumerated via popups

The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...

RHEL 9 : thunderbird (RHSA-2024:7552)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:7552 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: 115.16/128.3 firefox: thunderbird: Specially...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox that originates from the ability to enumerate external protocol handlers via a pop-up window. No details of the vulnerability are currently available...

Amazon Linux 2 : firefox (ALASFIREFOX-2024-027)

The version of firefox installed on the remote host is prior to 115.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-027 advisory. A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally...

FreeBSD : mozilla firefox -- protocol information guessing (aa1c7af9-570e-11ef-a43e-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the aa1c7af9-570e-11ef-a43e-b42e991fc52e advisory. [email protected] reports: By monitoring the time certain operations take, an attacker could have...

Astra Linux – Vulnerability in Firefox, Thunderbird

By monitoring the time it takes for certain operations to complete, an attacker could figure out which external protocol handlers were functioning on a user’s system. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

Mozilla: External protocol handlers leaked by timing attack

The Mozilla Foundation Security Advisory describes this flaw as: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system...

Updated thunderbird packages fix security vulnerabilities

Use-after-free in networking. CVE-2024-5702 Use-after-free in JavaScript object transplant. CVE-2024-5688 External protocol handlers leaked by timing attack. CVE-2024-5690 Sandboxed iframes were able to bypass sandbox restrictions to open a new window. CVE-2024-5691 Cross-Origin Image leak via...