537 matches found
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...
RHEL 8 : firefox (RHSA-2024:0972)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0972 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
RHEL 8 : thunderbird (RHSA-2024:0960)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0960 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla:...
RHEL 9 : thunderbird (RHSA-2024:0962)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0962 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla:...
RHEL 8 : firefox (RHSA-2024:0970)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0970 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
RHEL 9 : thunderbird (RHSA-2024:0963)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0963 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla:...
RHEL 7 : thunderbird (RHSA-2024:0957)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0957 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla:...
RHEL 7 : firefox (RHSA-2024:0976)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0976 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Active Storage Security Vulnerability
Active Storage is a plugin for uploading files to multiple cloud storage services and attaching files to Active Record objects. A security vulnerability exists in Rails Active Storage that stems from Active Storage sending a Set-Cookie header along with the user's session cookie when serving a bl...
SUSE SLED15: MozillaFirefox / MozillaFirefox-branding-upstream / etc (SUSE-SU-2024:0607-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0607-1 advisory. Update to Firefox Extended Support Release 115.8.0 ESR MFSA 2024-06 bsc1220048: - CVE-2024-1546:...
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...
Arbitrary Code Injection
Firefox, Firefox ESR, and Thunderbird are vulnerable to Arbitrary Code Injection. The vulnerability is due to the incorrect honoring of Set-Cookie response headers in multipart HTTP responses. If an attacker could manipulate the Content-Type response header and control part of the response body,...
CVE-2024-1551
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...
Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2024-052-01)
The version of mozilla-thunderbird installed on the remote host is prior to 115.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-052-01 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused,...
CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
UBUNTU-CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...
CVE-2024-1551
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This...