MiracleLinux 8 : firefox-102.12.0-1.el8.ML.1 (AXSA:2023-6166:23)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6166:23 advisory. Mozilla: Click-jacking certificate exceptions through rendering lag CVE-2023-34414 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR...

Unity Linux 20.1070e Security Update: tigervnc (UTSA-2026-000530)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000530 advisory. In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities...

Updated firefox/nss packages fix security vulnerability

Click-jacking certificate exceptions through rendering lag. CVE-2023-34414 Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12. CVE-2023-34416...

Updated thunderbird packages fix security vulnerability

Click-jacking certificate exceptions through rendering lag CVE-2023-34414 Memory safety bugs fixed in Thunderbird 102.12 CVE-2023-34416...

RHEL 8 : thunderbird (RHSA-2023:3596)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3596 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0. Security Fixes: Mozilla...

RHEL 9 : firefox (RHSA-2023:3589)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3589 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0. Security Fixes: Mozilla: Click-jacking certificate exceptions through rendering lag CVE-2023-34414 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12...

RHEL 8 : thunderbird (RHSA-2023:3564)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3564 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0. Security Fixes: Mozilla...

RHEL 8 : firefox (RHSA-2023:3597)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3597 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.12.0 ESR. Security Fixes: Mozilla: Click-jacking certificate exceptions through rendering lag CVE-2023-34414 Mozilla: Memory safety bugs fixe...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

SUSE-SU-2023:2440-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Extended Support Release 102.12.0 ESR bsc1211922: - CVE-2023-34414: Click-jacking certificate exceptions through rendering lag - CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12...

USN-5965-1 tigervnc vulnerability

It was discovered that TigerVNC mishandled TLS certificate exceptions. An attacker could use this vulnerability to impersonate any server after a client had added an exception and obtain sensitive information...

SUSE CVE-2020-26117

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception...

The vulnerability of software for implementing VNC and TigerVNC lies in authentication process errors, which allow attackers to gain access to confidential data and compromise its integrity.

The vulnerability of the software for implementing VNC TigerVNC is related to improper handling of TLS certificate exceptions. Exploiting this vulnerability can allow a remote attacker to access confidential data and compromise its integrity...

RHEL 8 : tigervnc (RHSA-2021:1783)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1783 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it ...

tigervnc: certificate exceptions stored as authorities

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception...

RLSA-2021:1783 Moderate: tigervnc security, bug fix, and enhancement update

Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. The...

EulerOS 2.0 SP2 : tigervnc (EulerOS-SA-2021-1369)

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. ...