
18 matches found

OSV
added 2023/06/02 5:15 p.m. | 7 views

CVE-2023-25728

The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVSS 6.5 | AI score 7.8
Exploits 0 | References 4

Debian CVE
added 2023/06/02 12:0 a.m. | 43 views

CVE-2023-25728

The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVSS 6.5 | AI score 7.6 | EPSS 0.00672
Exploits 0

Redos
added 2023/03/15 12:0 a.m. | 33 views

ROS-20230315-01

Vulnerability in the Mozilla Thunderbird email client related to notifications that are not displayed when the browser is in full-screen mode, allowing an attacker to trick the victim into visiting a malicious website and perform a spoofing attack...

CVSS 8.8 | AI score 7.6 | EPSS 0.00817
Exploits 0

Tenable Nessus
added 2023/03/07 12:0 a.m. | 31 views

Amazon Linux 2 : thunderbird (ALAS-2023-1983)

The version of thunderbird installed on the remote host is prior to 102.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1983 advisory. 2024-02-15: CVE-2023-0616 was added to this advisory. If a MIME email combines OpenPGP and OpenPGP MIME data in a...

CVSS 8.8 | AI score 7.8 | EPSS 0.01812
Exploits 1 | References 30

Amazon
added 2023/03/06 12:0 a.m. | 40 views

Important: thunderbird

Issue Overview: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted messa...

CVSS 8.8 | AI score 8.4 | EPSS 0.01812
Exploits 1

Ubuntu
added 2023/03/01 7:0 a.m. | 114 views

USN-5880-2: Firefox regressions

USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attribute...

AI score 7.8
Exploits 0 | References 1

Tenable Nessus
added 2023/02/22 12:0 a.m. | 37 views

SUSE SLES15: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2023:0469-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0469-1 advisory. Updated to version 102.8.0 ESR bsc1208144: - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes....

CVSS 8.8 | AI score 6.9 | EPSS 0.00817
Exploits 1 | References 31

Tenable Nessus
added 2023/02/21 12:0 a.m. | 35 views

Rocky Linux 8 : firefox (RLSA-2023:0808)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0808 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory...

CVSS 8.8 | AI score 7.8 | EPSS 0.00817
Exploits 0 | References 25

Tenable Nessus
added 2023/02/21 12:0 a.m. | 34 views

SUSE SLED15: MozillaFirefox / MozillaFirefox-branding-upstream / etc (SUSE-SU-2023:0461-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0461-1 advisory. Updated to version 102.8.0 ESR bsc1208144: - CVE-2023-25728: Fixed content security policy leak ...

CVSS 8.8 | AI score 6.9 | EPSS 0.00817
Exploits 1 | References 31

Tenable Nessus
added 2023/02/21 12:0 a.m. | 33 views

Rocky Linux 8 : thunderbird (RLSA-2023:0821)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0821 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory...

CVSS 8.8 | AI score 7.8 | EPSS 0.00817
Exploits 0 | References 27

Tenable Nessus
added 2023/02/21 12:0 a.m. | 32 views

Rocky Linux 9 : firefox (RLSA-2023:0810)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0810 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory...

CVSS 8.8 | AI score 7.8 | EPSS 0.00817
Exploits 0 | References 25

Tenable Nessus
added 2023/02/20 12:0 a.m. | 27 views

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5880-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5880-1 advisory. Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a...

CVSS 9.8 | AI score 7.7 | EPSS 0.00817
Exploits 1 | References 16

Tenable Nessus
added 2023/02/17 12:0 a.m. | 34 views

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2023-047-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-047-01 advisory. - If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to...

CVSS 8.8 | AI score 7.8 | EPSS 0.00817
Exploits 1 | References 13

Tenable Nessus
added 2023/02/16 12:0 a.m. | 28 views

Debian dla-3319 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3319 advisory. - Debian LTS Advisory DLA-3319-1...

CVSS 8.8 | AI score 7.5 | EPSS 0.00817
Exploits 0 | References 24

Tenable Nessus
added 2023/02/16 12:0 a.m. | 32 views

Debian DSA-5350-1 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5350 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...

CVSS 8.8 | AI score 7.8 | EPSS 0.00817
Exploits 0 | References 25

UbuntuCve
added 2023/02/15 12:0 a.m. | 36 views

CVE-2023-25728

The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVSS 6.5 | AI score 6.9 | EPSS 0.00672
Exploits 0 | References 5

Tenable Nessus
added 2023/02/15 12:0 a.m. | 28 views

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-045-01)

The version of mozilla-firefox installed on the remote host is prior to 102.8.0esr / 110.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-045-01 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory...

CVSS 8.8 | AI score 7.8 | EPSS 0.00817
Exploits 1 | References 13

Tenable Nessus
added 2023/02/14 12:0 a.m. | 25 views

Mozilla Firefox ESR < 102.8

The version of Firefox ESR installed on the remote Windows host is prior to 102.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-06 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of...

CVSS 8.8 | AI score 7.8 | EPSS 0.00817
Exploits 1 | References 14