4446 matches found
ALSA-2023:6194 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.4.1. Security Fixes: Mozilla: Queued up rendering could have allowed websites to clickjack CVE-2023-5721 Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and...
RHEL 8 : thunderbird (RHSA-2023:6197)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6197 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.4.1. Security Fixes: Mozilla:...
SUSE-SU-2023:4214-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Updated to version 115.4.0 ESR bsc1216338: - CVE-2023-5721: Fixed a potential clickjack via queued up rendering. - CVE-2023-5722: Fixed a cross-Origin size and header leakage. - CVE-2023-5723: Fixed unexpected errors when handling inval...
SUSE-SU-2023:4213-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Updated to version 115.4.0 ESR bsc1216338. - CVE-2023-5721: Fixed a potential clickjack via queued up rendering. - CVE-2023-5722: Fixed a cross-Origin size and header leakage. - CVE-2023-5723: Fixed unexpected errors when handling inval...
CVE-2023-5730
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 119, Firefox ESR...
CVE-2023-5722
Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox 119...
CVE-2023-5727
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 119,...
Mozilla Firefox Security Advisory (MFSA2023-45) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2023-45. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
CVE-2023-32724 JavaScript engine memory pointers are directly available for Zabbix users for modification
Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation...
CVE-2023-32724 JavaScript engine memory pointers are directly available for Zabbix users for modification
Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation...
USN-6426-1 webkit2gtk vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
Foxit Reader < 9.1 Multiple Vulnerabilities
According to its version, the Foxit Reader application installed on the remote Windows host is prior to 9.1. It is, therefore affected by multiple vulnerabilities: - In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP...
Type Confusion
chromium is vulnerable to Type Confusion. This vulnerability could allow an attacker to execute arbitrary code on a victim's computer by exploiting a flaw in the V8 JavaScript engine. The impact of this vulnerability is high, as it can be exploited by attackers to steal sensitive data, take contr...
CVE-2023-5170
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox 118...
Foxit PDF Editor < 11.2.7 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 11.2.7. It is, therefore affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF...
Foxit PDF Editor for Mac < 11.1.5 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor for Mac application previously named Foxit PhantomPDF for Mac installed on the remote macOS host is prior to 11.1.5. It is, therefore affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the JavaScript engine of Foxit...
DEBIAN-CVE-2023-4762
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2023-4577
When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2...
CVE-2023-4573
When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of Google Chrome’s V8 JavaScript engine lies in the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information...