2321 matches found
Security fix for the ALT Linux 10 package thunderbird version 78.10.0-alt1
April 26, 2021 Andrey Cherepanov 78.10.0-alt1 - New version 78.10.0. - Security fixes: + CVE-2021-23994 Out of bound write due to lazy initialization + CVE-2021-23995 Use-after-free in Responsive Design Mode + CVE-2021-23998 Secure Lock icon could have been spoofed + CVE-2021-23961 More internal...
RHEL 8 : firefox (RHSA-2021:1361)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1361 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
RHEL 7 : firefox (RHSA-2021:1363)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1363 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
RHEL 8 : firefox (RHSA-2021:1362)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1362 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
SUSE-SU-2021:1307-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR bsc1184960 CVE-2021-23994: Out of bound write due to lazy initialization CVE-2021-23995: Use-after-free in Responsive Design Mode CVE-2021-23998: Secure Lock icon could have been spoofed CVE-2021-23961...
CVE-2021-29946
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Port Blocking BYPASS
Firefox is vulnerable to a port blocking bypass. Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header...
CVE-2021-31552
CVE-2021-31552 affects MediaWiki’s AbuseFilter extension up to 1.35.2. The flaw allows certain rules that block after account creation to block only the originating IP, not the user account, enabling an unprivileged actor to create accounts while the IP is blocked and potentially enumerate relate...
CVE-2021-31552
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account and not...
Multiple Mozilla Products Input Validation Error Vulnerability
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An input validation error vulnerability exists in multiple Mozilla products,...
MediaWiki AbuseFilter extension security vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems from incorrect...
[SECURITY] Fedora 32 Update: nodejs-12.22.1-1.fc32
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
[SECURITY] Fedora 33 Update: nodejs-14.16.1-1.fc33
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Mozilla Firefox ESR < 78.10
The version of Firefox ESR installed on the remote Windows host is prior to 78.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-15 advisory. - Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port...
Mozilla Firefox input validation error vulnerability
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An input validation error vulnerability exists in multiple Mozilla products,...
Pi-hole cross-site scripting vulnerability (CNVD-2021-30595)
Pi-hole is a multi-platform, network-wide ad-blocking tool. A stored cross-site scripting vulnerability exists in Pi-hole 5.4 and earlier versions of the management portal. An attacker with network access to a DNS server could exploit this vulnerability to conduct a cross-site scripting attack...
CVE-2021-29448
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. A stored XSS exists in the Pi-hole Admin portal, which can be exploited by a malicious actor with network access to the DNS server. See the referenced GitHub security advisory for patch details...
CVE-2021-29448 Stored DOM XSS in Pi-hole Admin Web Interface
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. A stored XSS exists in the Pi-hole Admin portal, which can be exploited by a malicious actor with network access to the DNS server. See the referenced GitHub security advisory for patch details...
CVE-2021-29449
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details...
CVE-2021-29449
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details...