Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been

The Mozilla Foundation Security Advisory describes this flaw as: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been

The Mozilla Foundation Security Advisory describes this flaw as: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to...

Mozilla Firefox ESR Security Advisories (MFSA2021-02, MFSA2021-05) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Security fix for the ALT Linux 10 package thunderbird version 78.7.0-alt1

Jan. 27, 2021 Andrey Cherepanov 78.7.0-alt1 - New version 78.7.0. - Security fixes: + CVE-2021-23953 Cross-origin information leakage via redirected PDF requests + CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements + CVE-2020-15685 IMAP Response...

Mozilla Thunderbird < 78.7

The version of Thunderbird installed on the remote Windows host is prior to 78.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-05 advisory. - Mozilla developers Alexis Beingessner, Christian Holler, Andrew McCreight, Tyson Smith, Jon Coppeard, Andr Bargull,...

RHEL 8 : firefox (RHSA-2021:0289)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0289 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVE-2020-25169

The CVE-2020-25169 issue affects Reolink P2P cameras, where data transferred between the local device and Reolink servers may be exposed due to cleartext transmission of sensitive information. The advisory notes a high risk with CVSS v3 base score up to 9.1 (ATT&CK context not explicitly listed i...

Mozilla Firefox ESR < 78.7

The version of Firefox ESR installed on the remote Windows host is prior to 78.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-04 advisory. - Mozilla developers Alexis Beingessner, Christian Holler, Andrew McCreight, Tyson Smith, Jon Coppeard, Andr Bargull,...

Mozilla Firefox ESR < 78.7

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-04 advisory. - Mozilla developers Alexis Beingessner, Christian Holler, Andrew McCreight, Tyson Smith, Jon Coppeard, And...

Outgoing FCC Chair Issues Final Security Salvo Against China

Outgoing Federal Communications Chair Ajit Pai has issued a final warning about Chinese telcos at the end of a tenure spent cracking down on companies like Huawei, ZTE and China Telecom. Pai, a former telecommunications industry lobbyist and in-house counsel for Verizon, told Reuters that managin...

WSuspicious - A Tool To Abuse Insecure WSUS Connections For Privilege Escalations

This is a proof of concept program to escalate privileges on a Windows host by abusing WSUS. Details in this blog post: https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/ It was inspired from the WSuspect proxy project:...

OpenMage: No Limit on Email Subscription

Summary: Hello Madison As I have Found a Business Logic Error which cause unlimited amount of Newsletter Subscription as you can see in the image i have provided Steps To Reproduce: 1. Open Burpsuite and set the proxy and intercept on. 2.Then Go to https://demo.openmage.org/ and enter the Email y...

AZL-31731 CVE-2020-8554 affecting package kubernetes for versions less than 1.28.3-1

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...

CVE-2020-8554

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...

AZL-31696 CVE-2020-8554 affecting package python-kubernetes for versions less than 21.7.0-1

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...

Code injection

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...

CVE-2020-8554

CVE-2020-8554 affects the Kubernetes API server by allowing an attacker who can create a ClusterIP service with a crafted spec.externalIPs to intercept traffic to that IP, and by abusing privileged status.patch on a LoadBalancer service to set status.loadBalancer.ingress.ip. The issue is rooted i...

CVE-2020-8554

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...

Incorrect Authorization

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...