62 matches found
Astra Linux – Vulnerability in Thunderbird, Firefox
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code. Note: This issue was originally included in the advisories for Thunderbird...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26, and 8.0.x below 8.0.13, certain XML parsing functions, such as simplexml_load_file, decode the filename passed to them using URL encoding. If the filename contains a URL-encoded NUL character, this may cause the function to interpret this as t...
Astra Linux – Vulnerability in Firefox and Thunderbird
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could lead to reflected file download attacks that potentially trick users into installing malware. This vulnerability affects Firefox 112, Focu...
MiracleLinux 8 : thunderbird-102.6.0-2.el8.ML.1 (AXSA:2023-4885:02)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4885:02 advisory. Mozilla: Arbitrary file read from a compromised content process CVE-2022-46872 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbir...
MiracleLinux 7 : firefox-102.6.0-1.0.1.el7.AXS7 (AXSA:2022-4439:38)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4439:38 advisory. Mozilla: Arbitrary file read from a compromised content process CVE-2022-46872 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbir...
EUVD-2004-2219
Malware in sbrugna...
EUVD-2022-49654
Malicious code in bioql PyPI...
BIT-LIBPHP-2021-21707 Special characters break path parsing in XML functions
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file, URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the...
CentOS 7 : thunderbird (RHSA-2022:9079)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9079 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER...
CentOS 7 : firefox (RHSA-2022:9072)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9072 advisory. - An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. Thi...
CentOS 8 : thunderbird (CESA-2023:1802)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1802 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
DEBIAN-CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
Mozilla: Content-Disposition filename truncation leads to Reflected File Download
The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...