CVE-2020-6819

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1. Recent assessments: gwillcox-r7 at November...

Mozilla Firefox ESR < 68.6.1

The version of Firefox ESR installed on the remote Windows host is prior to 68.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-11 advisory. - Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are awa...

Mozilla Firefox < 74.0.1

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 74.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-11 advisory. - Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We a...

Mozilla Firefox < 74.0.1

The version of Firefox installed on the remote Windows host is prior to 74.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-11 advisory. - Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware o...

Mozilla Firefox ESR < 68.6.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-11 advisory. - Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. ...

Firefox Zero-Day Flaws Exploited in the Wild Get Patched

Mozilla patched two Firefox browser zero-day vulnerabilities actively being exploited in the wild. The flaws, both use-after-free bugs, have been part of “targeted attacks in the wild,” according to a Mozilla Foundation security advisory posted Friday. Both bugs have critical ratings and allow...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mozilla-firefox-68.6.1esr-i686-1slack14.2.txz: Upgraded. This release contains critical security fixes and improvements. "Und...

CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1 — Mozilla

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of...

CVE-2020-6819

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

UBUNTU-CVE-2020-6819

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

Microsoft Warns of Critical Windows Zero-Day Flaws

Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. The unpatched flaws are being exploited by attackers in “limited, targeted” attacks, the company said. According to Microsoft, two remote code execution vulnerabilities exist i...

TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal

The TrickBot malware has added a new feature: A module called rdpScanDll, built for brute-forcing remote desktop protocol RDP accounts. According to BitDefender, the module has been used in campaigns against telecom, education and financial services industry targets in the United States and Hong...

Top Three Tactics for CISOs Facing Targeted Attacks

Targeted attacks are an ongoing issue and pose a large risk to your organization. What can you do to stay protected?...

Securing the MSP: best practices for vetting cybersecurity vendors

Ironically, to keep costs low for their enterprise and mid-market clients, managed service providers MSPs are some of the most reliant on third-party vendors—including those providing security. While this is generally not an indication of dysfunction or vulnerability, the responsible MSP will be...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0010)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer does not escape characters. Because the resulting string is...