@oku-ui/primitives (>=0.5.0 <=0.6.1) potentially affected by unknown CVE via @oku-ui/alert-dialog (=0.6.1)

@oku-ui/alert-dialog NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/alert-dialog and may be impacted: - @oku-ui/primitives =0.5.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191248...

@oku-ui/alert-dialog (>=0.0.1 <=0.6.1), @oku-ui/dialog (>=0.4.0 <=0.6.1) +3 more potentially affected by unknown CVE via @oku-ui/focus-guards (=0.6.1)

@oku-ui/focus-guards NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/focus-guards and may be impacted: - @oku-ui/alert-dialog =0.0.1, =0.4.0, =0.6.0, =0.4.0, =0.4.0, =0.6.1 Source cves: unknown CVE Source advisory:...

@oku-ui/alert-dialog (>=0.0.1 <=0.6.1), @oku-ui/dialog (>=0.4.0 <=0.6.1) +6 more potentially affected by unknown CVE via @oku-ui/dismissable-layer (=0.6.1)

@oku-ui/dismissable-layer NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/dismissable-layer and may be impacted: - @oku-ui/alert-dialog =0.0.1, =0.4.0, =0.4.0, =0.6.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.6.1 Source cves: unkno...

EUVD-2025-199491

Malicious code in @oku-ui/alert-dialog npm...

MAL-2025-191248 Malicious code in @oku-ui/alert-dialog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 824a69f83431a766f681bc72d705ff3b28ae9309898b4ad10979adca148f2276 The package @oku-ui/alert-dialog was found to contain malicious code. Source: google-open-source-security...

firefox security update

An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

Rocky Linux 8 : firefox (RLSA-2024:0955)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0955 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6669-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6669-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsin...

Important: thunderbird

Issue Overview: When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. CVE-2024-1546 Through a series of API calls and...

Debian dla-3747 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3747 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3747-1 [email protected]...

The vulnerability in the implementation of the browser application interfaces of Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to display an alertdialog on a different website.

The vulnerability in the implementation of the browser application interfaces of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to an incorrect limitation on the number of user interface layers or frames that can be displayed. Exploiting this vulnerability allows a...

AlmaLinux 8 : firefox (ALSA-2024:0955)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0955 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Thi...

AlmaLinux 9 : firefox (ALSA-2024:0952)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0952 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Thi...

Updated rootcerts, nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Timing attack against RSA decryption in TLS. CVE-2023-5388 Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by selec...

Oracle Linux 8 : firefox (ELSA-2024-0955)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0955 advisory. 115.8.0-1.0.1 - Update to 115.8.0 build 1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

Oracle Linux 9 : thunderbird (ELSA-2024-0963)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0963 advisory. 115.8.0-1.0.1 - Add Oracle modifications 115.8.0-1 - Update to 115.8.0 build1 Tenable has extracted the preceding description block directly from the...

Mozilla: Alert dialog could have been spoofed on another site

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.8.0 ESR. Security Fixes: Mozilla: Out-of-bounds memory read in networking channels CVE-2024-1546 Mozilla: Alert dialog could have been spoofe...

RHEL 8 : thunderbird (RHSA-2024:0961)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0961 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla:...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla: Out-of-bounds memory read in networking channels CVE-2024-1546 Mozilla: Alert dialog could have been spoofed on another site CVE-2024-1547 Mozilla: Memory...