Amazon Linux 2 : firefox (ALASFIREFOX-2025-035)

The version of firefox installed on the remote host is prior to 128.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-035 advisory. The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. Thi...

Amazon Linux 2 : firefox (ALASFIREFOX-2025-034)

The version of firefox installed on the remote host is prior to 128.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-034 advisory. The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. Thi...

Amazon Linux 2 : thunderbird (ALAS-2025-2765)

The version of thunderbird installed on the remote host is prior to 128.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2765 advisory. A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This...

Important: thunderbird

Issue Overview: A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132. CVE-2024-10458 An attacker could have caused a...

PT-2025-1400 · Open5Gs · Open5Gs Mme

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions = 2.6.4 Description: The issue is caused by a buffer overflow in the ASN.1 deserialization function of the S1AP handler, leading to type confusion in decoded fields. This results in invalid parsing and freeing of memory,...

CVE-2024-12908

Delinea addressed a reported case on Secret Server v11.7.31 protocol handler version 6.0.3.26 where, within the protocol handler function, URI's were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfull...

CVE-2024-12908

Delinea addressed a reported case on Secret Server v11.7.31 protocol handler version 6.0.3.26 where, within the protocol handler function, URI's were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfull...

PT-2024-17792 · Delinea · Delinea Pam Secret Server

Name of the Vulnerable Software and Affected Versions: Delinea Secret Server version 11.7.31 protocol handler version 6.0.3.26 Description: The issue arises from the comparison of URI's before normalization and canonicalization within the protocol handler function, potentially leading to over...

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

MGASA-2024-0349 Updated nspr, nss, firefox & rust packages fix security vulnerabilities

Permission leak via embed or object elements. CVE-2024-10458 Use-after-free in layout with accessibility. CVE-2024-10459 Confusing display of origin for external protocol handler prompt. CVE-2024-10460 XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response...

RockyLinux 9 : thunderbird (RLSA-2024:8793)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:8793 advisory. firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox: thunderbird: X...

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

Moderate: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

AlmaLinux 9 : firefox (ALSA-2024:8726)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:8726 advisory. firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox: thunderbird: XS...

AlmaLinux 9 : thunderbird (ALSA-2024:8793)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:8793 advisory. firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox: thunderbird: XS...

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

Moderate: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...