109 matches found
Amazon Linux 2 : thunderbird (ALAS-2022-1763)
The version of thunderbird installed on the remote host is prior to 91.6.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1763 advisory. The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markup th...
MGASA-2022-0019 Updated thunderbird packages fix security vulnerability
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox CVE-2021-4140. Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable cra...
Debian DLA-2881-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2881 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory...
Debian DLA-2880-1 : firefox-esr - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2880 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory...
Debian DSA-5045-1 : thunderbird - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5045 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable...
Debian DSA-5044-1 : firefox-esr - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5044 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information...
CVE-2022-22739
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
CVE-2022-22748
Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Oracle Linux 8 : thunderbird (ELSA-2022-0129)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0129 advisory. 91.5.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.5.0-1 - Update to 91.5.0 build1 Tenable has...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5229-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5229-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
UBUNTU-CVE-2022-22739
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Oracle Linux 7 : firefox (ELSA-2022-0124)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0124 advisory. 91.5.0-1.0.2 - Enabled aarch64 builds 91.5.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 3014329...
CVE-2022-22739
The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...
Mozilla: Missing throttling on external protocol launch dialog
The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...
MGASA-2022-0013 Updated nss and firefox packages fix security vulnerabilities
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox CVE-2021-4140. Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable cra...
Mozilla Firefox < 96.0
The version of Firefox installed on the remote Windows host is prior to 96.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-01 advisory. - When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it shou...
GPAC 缓冲区错误漏洞
GPAC is a multimedia framework for rich media and distributed under the LGPL license. a heap buffer overflow vulnerability exists in the URLGetProtocolType function in GPAC version 1.0.1. An attacker could exploit this vulnerability via specially crafted files to cause a denial of service or...
CVE-2020-6159
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting XSS attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This...
Code injection
This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF...
Design/Logic Flaw
In Wire before 3.20.x, shell.openExternal was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The...