715 matches found
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Oracle Linux 7 : thunderbird (ELSA-2022-8555)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-8555 advisory. 102.5.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 102.5.0-2 - Update to...
AlmaLinux 9 : thunderbird (ALSA-2022:8561)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:8561 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with...
AlmaLinux 8 : thunderbird (ALSA-2022:8547)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:8547 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with...
Denial Of Service (DoS)
thunderbird is vulnerable to Denial Of Service DoS. The vulnerability exists in Keyboard events reference string because of Cache not properly validate which may lead to a timing attacks and an application crash...
CVE-2022-45416
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
CVE-2022-45416
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Mozilla Firefox ESR < 102.5
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-48 advisory. - Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Firefox 1...
CVE-2022-45403
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR 102.5,...
SUSE SLED15 / SLES15 Security Update : python-rsa (SUSE-SU-2022:3932-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3932-1 advisory. - It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RS...
Multiple race conditions due to TOCTOU flaws in various UEFI Implementations
Overview Multiple Unified Extensible Firmware Interface UEFI implementations are vulnerable to code execution in System Management Mode SMM by an attacker who gains administrative privileges on the local machine. An attacker can corrupt the memory using Direct Memory Access DMA timing attacks tha...
OESA-2022-2005 mailman security update
This is GNU Mailman, a mailing list management system distributed under the terms of the GNU General Public License GPL version 3 or later. The name of this software is spelled 'Mailman' with a leading capital 'M' but with a lower case second m'. Any other spelling is incorrect. Security Fixes:...
PT-2022-5018 · WordPress · Wp 2Fa
Name of the Vulnerable Software and Affected Versions: WP 2FA WordPress plugin versions prior to 2.3.0 Description: The issue exists due to the use of comparison operators that do not mitigate time-based attacks, potentially allowing a remote attacker to leak information about authentication code...