5744 matches found
Debian DSA-4813-1 : firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or CSS sanitiser bypass. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...
Debian DLA-2496-1 : firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or CSS sanitiser bypass. For Debian 9 stretch, these problems have been fixed in version 78.6.0esr-1deb9u1. We recommend that you...
Oracle Linux 7 : ELSA-2020-5561-1: / firefox (ELSA-2020-55611)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-55611 advisory. 78.6.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs....
Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2020:5561)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2020:5561-1 advisory. - chromium-browser: Uninitialized Use in V8 CVE-2020-16042 - Mozilla: Heap buffer overflow in WebGL CVE-2020-26971 - Mozilla: CSS Sanitizer...
Debian: Security Advisory (DLA-2496-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2496-1] firefox-esr security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2496-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 16, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4813-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4813-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 16, 2020 https://www.debian.org/security/faq -...
Mozilla: CSS Sanitizer performed incorrect sanitization
The Mozilla Foundation Security Advisory describes this flaw as: Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-4671-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4671-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker...
Mozilla Firefox Security Advisories (MFSA2020-54, MFSA2020-56) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox ESR Security Advisories (MFSA2020-54, MFSA2020-56) - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
USN-4671-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass the CSS sanitizer, bypass security restrictions, spoof the URL bar, ...
UBUNTU-CVE-2020-26973
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR 78.6...
KLA12030 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A security bypass...
CVE-2020-26973
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR 78.6...
Security Vulnerabilities fixed in Firefox 84 — Mozilla
When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read. Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. The lifecycle of IPC Actors allows managed actors t...
Security Vulnerabilities fixed in Thunderbird 78.6 — Mozilla
When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read. Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. Certain input to the CSS Sanitizer confused it,...
CSS paint API: Being predictably random
Take a look at this: Space invaders If you're using a browser that supports the CSS paint API, the element will have a 'random' pixel-art gradient in the background. But it turns out, doing random in CSS isn't as easy as it seems… Initial implementation This isn't a full tutorial on the CSS paint...
KLA12026 Multiple vulnerabilities in Microsoft Dynamics
Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A cross-site-scripting (XSS) vulnerability Dynamics CRM Webclie...
Design/Logic Flaw
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files...