Security Vulnerabilities fixed in Firefox 121 — Mozilla

The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. Multiple NSS NIST curves were susceptible to a side-channel attack known as...

Mozilla Thunderbird < 115.6

The version of Thunderbird installed on the remote Windows host is prior to 115.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-55 advisory. - Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2023-353-03)

The version of mozilla-thunderbird installed on the remote host is prior to 115.6.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-353-03 advisory. - The signature of a digitally signed S/MIME email message may optionally specify the signature creation date...

Mozilla Firefox ESR < 115.6

The version of Firefox ESR installed on the remote Windows host is prior to 115.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-54 advisory. - Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed...

Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer

The Mozilla Foundation Security Advisory describes this flaw as: On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element...

Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer

The Mozilla Foundation Security Advisory describes this flaw as: On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element...

Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer

The Mozilla Foundation Security Advisory describes this flaw as: On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element...

Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer

The Mozilla Foundation Security Advisory describes this flaw as: On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element...

The vulnerability of the WebGL2RenderingContext.blitFramebuffer() method in the WebGL2 interface of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, allows an attacker to gain unauthorized access to protected information.

The vulnerability of the WebGL2RenderingContext.blitFramebuffer method in Firefox and Firefox ESR browsers, as well as the Thunderbird email client, is related to the issue of performing operations beyond the buffer boundaries when processing canvas elements. Exploiting this vulnerability can all...

SUSE-SU-2023:4532-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry bsc1217230 Fixed: Various security fixes and other quality improvements. MFSA 2023-46 bsc1216338 CVE-2023-5721: Queued up rendering could have allowed websites to...

RLSA-2023:6188 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.4.0 ESR. Security Fixes: Mozilla: Queued up rendering could have allowed websites to clickjack CVE-2023-5721 Mozilla: Memory safety bugs fixe...

firefox security update

An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

Mageia: Security Advisory (MGASA-2023-0308)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2023-0309 Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. CVE-2023-5721 Address bar spoofing via bidirectional characters. CVE-2023-5732 Large WebGL draw could have led to a crash. CVE-2023-5724 WebExtensions could open arbitrary URLs...

MGASA-2023-0308 Updated nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. CVE-2023-5721 Address bar spoofing via bidirectional characters. CVE-2023-5732 Large WebGL draw could have led to a crash. CVE-2023-5724 WebExtensions could open arbitrary URLs...

Updated thunderbird packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. CVE-2023-5721 Address bar spoofing via bidirectional characters. CVE-2023-5732 Large WebGL draw could have led to a crash. CVE-2023-5724 WebExtensions could open arbitrary URLs...

Updated nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. CVE-2023-5721 Address bar spoofing via bidirectional characters. CVE-2023-5732 Large WebGL draw could have led to a crash. CVE-2023-5724 WebExtensions could open arbitrary URLs...

Mozilla: Large WebGL draw could have led to a crash

The Mozilla Foundation Security Advisory describes this flaw as: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Mozilla: Large WebGL draw could have led to a crash

The Mozilla Foundation Security Advisory describes this flaw as: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash...