Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird...
CVE-2020-25610
The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes...
DEBIAN-CVE-2020-26970
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird...
CVE-2020-26970
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird...
UBUNTU-CVE-2020-26970
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird...
Js-X-Ray - JavaScript And Node.js Open-Source SAST Scanner (A Static Analysis Of Detecting Most Common Malicious Patterns)
JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code and patterns for developers and Security researchers. Interpreting th...
Vulnerability fixed in Thunderbird
When reading status codes from the SMTP server, Thunderbird writes an integer to a position on the stack that is intended to contain only one byte. Depending on the processor architecture and the stack layout, this leads to corruption of the stack that could potentially be abused. Mozilla has release...
What the cluck?! Cyber hygiene when eating out.
This feels like the new norm for eating out at a restaurant: Stand uncomfortably, 2 metres from the party in front/furrow your brow when the other party move within your “safe zone”. Make a huge over-theatrical show of sanitising your hands, as though you’re about to perform some major surgery...
Security fix for the ALT Linux 10 package thunderbird version 78.5.1-alt1
Dec. 2, 2020 Andrey Cherepanov 78.5.1-alt1 - New version 78.5.1. - Security fixes: + CVE-2020-26970 Stack overflow due to incorrect parsing of SMTP server response codes...
Beers with Talos Ep. #96: The boogeyman and QR codes
Beers with Talos BWT Podcast episode No. 96 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. We got delayed with Thanksgiving and PTO, but here is a...
Nextcloud Server File Block Overwrite Vulnerability (NC-SA-2020-038)
Nextcloud Server is prone to a vulnerability where Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file.
CVE-2020-29438
Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a secure enclave chip...
Tesla Model X Data Falsification Issue Vulnerability
The Tesla Model X is a new energy vehicle from the American company Tesla. Tesla Model X vehicles versions prior to 2020-11-23 suffer from a security vulnerability that stems from having key fobs that can accept firmware updates without signature verification. This allows an attacker to...
Debian DLA-2469-1 : qemu security update
Some issues have been found in qemu, a fast processor emulator. All issues are related to assertion failures, out-of-bounds access failures or bad handling of return codes. For Debian 9 stretch, these problems have been fixed in version 1:2.8+dfsg-6+deb9u12. We recommend that you upgrade your qem...
ZTE Blade Vantage Z839 Emode.APK android.uid.system Privilege Escalation
ZTE Blade Vantage Z839 Emode.APK android.uid.system LPE exploit. ZTE Blade Vantage Z839 Android handsets running 7.1.1 contain an engineering mode that utilizes "Android Secret Codes" for accessing hidden engineering functionality. Su...
Easy Registration Forms <= 2.0.6 - CSV Injection
Easy Registration Forms (ER Forms) WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs, and the codes are executable...