
493 matches found

OSV
added 2024/05/14 6:15 p.m. | 26 views

CVE-2024-4768

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVSS 6.1 | AI score 6
Exploits 0 | References 6
OSV
added 2024/05/14 6:15 p.m. | 2 views

DEBIAN-CVE-2024-4768

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVSS 6.1 | AI score 7 | EPSS 0.00539
Exploits 1 | References 1
NVD
added 2024/05/14 6:15 p.m. | 18 views

CVE-2024-4768

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVSS 6.1 | AI score 5.3 | EPSS 0.00539
Exploits 1 | References 6
UbuntuCve
added 2024/05/14 6:15 p.m. | 21 views

CVE-2024-4768

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVSS 6.1 | AI score 6.9 | EPSS 0.00539
Exploits 1 | References 10
OSV
added 2024/05/14 6:15 p.m. | 0 views

UBUNTU-CVE-2024-4768

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVSS 6.1 | AI score 7.3 | EPSS 0.00539
Exploits 1 | References 11
Vulnrichment
added 2024/05/14 5:21 p.m. | 16 views

CVE-2024-4768

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

AI score 6 | EPSS 0.00539
Exploits 1 | References 6
Cvelist
added 2024/05/14 5:21 p.m. | 21 views

CVE-2024-4768

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

AI score 5.7 | EPSS 0.00539
Exploits 1 | References 6
CVE
added 2024/05/14 5:21 p.m. | 318 views

CVE-2024-4768

CVE-2024-4768 involves a bug in the interaction between popup notifications and WebAuthn that could enable a user-permission bypass in the affected Mozilla products. The concrete impact described in connected advisories applies to Firefox and Firefox ESR (and Thunderbird): an attacker could trick...

CVSS 6.1 | AI score 5.6 | EPSS 0.00539
Exploits 1 | References 6 | Affected Software 2
Debian CVE
added 2024/05/14 5:21 p.m. | 37 views

CVE-2024-4768

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVSS 6.1 | AI score 8 | EPSS 0.00539
Exploits 1
Mozilla
added 2024/05/14 12:0 a.m. | 103 views

Security Vulnerabilities fixed in Firefox 126 — Mozilla

Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. Web application manifests were stored by using an insecure MD5 hash...

CVSS 9.8 | AI score 8.9 | EPSS 0.72648
Exploits 17 | References 19 | Affected Software 1
Mozilla
added 2024/05/14 12:0 a.m. | 54 views

Security Vulnerabilities fixed in Firefox ESR 115.11 — Mozilla

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. If the browser.privatebrowsing.autostart preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by...

CVSS 8.8 | AI score 7.8 | EPSS 0.72648
Exploits 17 | References 6 | Affected Software 1
Tenable Nessus
added 2024/05/14 12:0 a.m. | 35 views

Mozilla Firefox ESR < 115.11

The version of Firefox ESR installed on the remote Windows host is prior to 115.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-22 advisory. - Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed...

CVSS 8.8 | AI score 8.2 | EPSS 0.72648
Exploits 17 | References 7
Tenable Nessus
added 2024/05/14 12:0 a.m. | 38 views

Mozilla Firefox < 126.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 126.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-21 advisory. - Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs...

CVSS 9.8 | AI score 8.3 | EPSS 0.72648
Exploits 22 | References 18
Tenable Nessus
added 2024/05/14 12:0 a.m. | 29 views

Mozilla Thunderbird < 115.11

The version of Thunderbird installed on the remote Windows host is prior to 115.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-23 advisory. - Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed...

CVSS 8.8 | AI score 8.2 | EPSS 0.72648
Exploits 17 | References 7
Tenable Nessus
added 2024/05/14 12:0 a.m. | 41 views

Mozilla Firefox < 126.0

The version of Firefox installed on the remote Windows host is prior to 126.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-21 advisory. - Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed...

CVSS 9.8 | AI score 8.3 | EPSS 0.72648
Exploits 22 | References 18
NVD
added 2024/04/25 4:15 p.m. | 29 views

CVE-2023-6484

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

CVSS 5.3 | AI score 6.3 | EPSS 0.01008
Exploits 0 | References 15
Cvelist
added 2024/04/25 3:58 p.m. | 33 views

CVE-2023-6484 Keycloak: log injection during webauthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

CVSS 5.3 | AI score 5.9 | EPSS 0.01008
Exploits 0 | References 15
Vulnrichment
added 2024/04/25 3:58 p.m. | 17 views

CVE-2023-6484 Keycloak: log injection during webauthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

CVSS 5.3 | AI score 7.1 | EPSS 0.01008
Exploits 0 | References 15
Veracode
added 2024/04/18 7:0 a.m. | 23 views

Improper Logs Output Neutralization

org.keycloak:keycloak-services is vulnerable to Improper Logs Output Neutralization. The vulnerability is due to errors in the browser client setup/auth process with "Security Key login" WebAuthn, which are written into the form, sent to Keycloak, and are logged without proper escaping, which...

CVSS 5.3 | AI score 6.5 | EPSS 0.01008
Exploits 0 | References 16 | Affected Software 1
OSV
added 2024/04/17 6:24 p.m. | 0 views

GHSA-J628-Q885-8GR5 Keycloak vulnerable to log Injection during WebAuthn authentication or registration

A flaw was found in keycloak 22.0.5. Errors in browser client during setup/auth with "Security Key login" WebAuthn are written into the form, sent to Keycloak and logged without escaping, allowing log injection. Acknowledgements: Special thanks to Theresa Henze for reporting this issue and helping ...

CVSS 5.3 | AI score 6 | EPSS 0.01008
Exploits 0 | References 21