Fedora: Security Advisory for golang-github-chris-ramon-douceur (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Updated firefox packages fix security vulnerability

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution CVE-2022-2200. An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing...

MGASA-2022-0251 Updated firefox packages fix security vulnerability

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution CVE-2022-2200. An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing...

GHSA-X3VM-38HW-55WF Possible inject arbitrary `CSS` into the generated graph affecting the container HTML

An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted CSS selectors. The following example shows how an attacker can exfiltrat...

Possible inject arbitrary `CSS` into the generated graph affecting the container HTML

An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted CSS selectors. The following example shows how an attacker can exfiltrat...

[SECURITY] Fedora 36 Update: golang-github-chris-ramon-douceur-0.2.0-5.20200910gitf346305.fc36

A simple CSS parser and inliner in Go...

[SECURITY] Fedora 36 Update: golang-github-andybalholm-cascadia-1.2.0-6.fc36

The Cascadia package implements CSS selectors for use with the parse trees produced by the html package...

[SECURITY] Fedora 36 Update: douceur-0.2.0-14.fc36

A simple CSS parser and inliner in Go...

Mozilla: CSP bypass enabling stylesheet injection

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker that can inject CSS into stylesheets accessible via internal URIs, such as resources. In doing so, they can bypass a page's Content Security Policy...

Mozilla: CSP bypass enabling stylesheet injection

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker that can inject CSS into stylesheets accessible via internal URIs, such as resources. In doing so, they can bypass a page's Content Security Policy...

RHEL 8 : firefox (RHSA-2022:5474)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5474 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Mozilla Thunderbird < 91.11

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-26 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these...

Mozilla Thunderbird < 91.11

The version of Thunderbird installed on the remote Windows host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-26 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showe...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-181-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.0 / 91.11.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-181-01 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of...

ROS-20220701-03

Vulnerability in Mozilla Thunderbird email client is related to improper handling of sandbox header CSP without the "allow scripts" parameter. Exploitation of the vulnerability could allow an attacker acting remotely to use an iframe to bypass an implemented restriction. remotely, use an iframe t...

ROS-20220701-02

A vulnerability in the Mozilla Firefox browser is related to improper handling of the CSP sandbox header without the the "allow scripts" parameter. Exploitation of the vulnerability could allow an attacker acting remotely to use an iframe to bypass an implemented CSP restriction and exploit it...

Oracle Linux 8 : thunderbird (ELSA-2022-5470)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-5470 advisory. 91.11.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.11.0-2 - Update to 91.11.0 build2 91.11.0-1 -...

Debian DLA-3064-1 : firefox-esr - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3064 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume...

Oracle Linux 7 : thunderbird (ELSA-2022-5480)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-5480 advisory. 91.11.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 91.11.0-2 - Update to...

Oracle Linux 7 : firefox (ELSA-2022-5479)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-5479 advisory. 91.11.0-2.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs....