MGASA-2019-0316 Updated thunderbird packages fix security vulnerabilities

The updated packages fix security issues: Use-after-free when creating index updates in IndexedDB. CVE-2019-11757 Potentially exploitable crash due to 360 Total Security. CVE-2019-11758 Stack buffer overflow in HKDF output. CVE-2019-11759 Stack buffer overflow in WebRTC networking. CVE-2019-11760...

Updated firefox packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Use-after-free when creating index updates in IndexedDB. CVE-2019-11757 Potentially exploitable crash due to 360 Total Security. CVE-2019-11758 Stack buffer overflow in HKDF output. CVE-2019-11759 Stack buffer overflow in WebRTC...

FriBidi CVE-2019-18397 Stack Buffer Overflow Vulnerability

...

Mozilla: Stack buffer overflow in WebRTC networking

A flaw was discovered in Mozilla Firefox and Thunderbird where a fixed-stack buffer overflow could occur during WebRTC signalling. The vulnerability could lead to an exploitable crash or leak data...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

xvid:fuzzer-decoder: Stack-buffer-overflow in BitstreamReadHeaders

Detailed Report: https://oss-fuzz.com/testcase?key=5747834934001664 Project: xvid Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-decoder Job Type: libfuzzerasanxvid Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address: 0x7ffc9e066120 Crash State: BitstreamReadHeaders decoderdeco...

RHEL 8 : curl (RHSA-2019:3701)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3701 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

RHEL 8 : edk2 (RHSA-2019:3338)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3338 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...

RHEL 8 : libvorbis (RHSA-2019:3703)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3703 advisory. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and...

Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20191031)

Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 CVE-2019-11764 - Mozilla: Use-after-free when creating index updates in IndexedDB CVE-2019-11757 - Mozilla: Potentially exploitable crash due to 360 Total Security CVE-2019-11758 - Mozilla: Stack buffer overfl...

jsc: Stack-buffer-underflow in JSC::Register::pointer

Detailed Report: https://oss-fuzz.com/testcase?key=5763160024023040 Project: jsc Fuzzer: jsfuzzer Job Type: asanjsc Platform Id: linux Crash Type: Stack-buffer-underflow READ 8 Crash Address: 0x7ffcb1a355c8 Crash State: JSC::Register::pointer JSC::CallFrame::callee...

CentOS Update for firefox CESA-2019:3281 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

opensc:fuzz_pkcs15_reader: Stack-buffer-overflow in cac_cac1_get_certificate

Project: https://github.com/OpenSC/OpenSC.git Detailed Report: https://oss-fuzz.com/testcase?key=5654449905467392 Project: opensc Fuzzing Engine: libFuzzer Fuzz Target: fuzzpkcs15reader Job Type: libfuzzerasanopensc Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address:...

CentOS 7 : thunderbird (CESA-2019:3210)

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

thunderbird security update

CentOS Errata and Security Advisory CESA-2019:3210 An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

firefox security update

CentOS Errata and Security Advisory CESA-2019:3193 An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

SUSE-SU-2019:2871-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox: Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library bsc1149429. - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB...

Amazon Linux 2 : httpd (ALAS-2019-1341)

A cross-site scripting vulnerability was found in Apache httpd, affecting the modproxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.CVE-2019-10092 A vulnerability was...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191029)

This update upgrades Thunderbird to version 68.2.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 CVE-2019-11764 - Mozilla: Use-after-free when creating index updates in IndexedDB CVE-2019-11757 - Mozilla: Potentially exploitable crash due to 360 Total...