RHEL 8 : thunderbird (RHSA-2020:0127)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0127 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Security Fixes: Mozilla:...

RHEL 6 : thunderbird (RHSA-2020:0123)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0123 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Security Fixes: Mozilla:...

RHEL 7 : thunderbird (RHSA-2020:0120)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0120 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Security Fixes: Mozilla:...

Mozilla: Bypass of @namespace CSS sanitization during pasting

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Mozilla: CSS sanitization does not escape HTML tags

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

Mozilla: Bypass of @namespace CSS sanitization during pasting

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

Mozilla: Bypass of @namespace CSS sanitization during pasting

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

OPENSUSE-SU-2020:0060-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR Fixed: Security fix MFSA 2020-03 bsc1160498 CVE-2019-17026 bmo1607443 IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR Fixe...

RHEL 8 : firefox (RHSA-2020:0111)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0111 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Scientific Linux Security Update : firefox on SL7.x x86_64 (20200113)

This update upgrades Firefox to version 68.4.1 ESR. Security Fixes : - Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement CVE-2019-17026 - Mozilla: Bypass of @namespace CSS sanitization during pasting CVE-2019-17016 - Mozilla: Type Confusion in XPCVariant.cpp...

Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200113)

This update upgrades Firefox to version 68.4.1 ESR. Security Fixes : - Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement CVE-2019-17026 - Mozilla: Bypass of @namespace CSS sanitization during pasting CVE-2019-17016 - Mozilla: Type Confusion in XPCVariant.cpp...

RHEL 7 : firefox (RHSA-2020:0085)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0085 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CentOS Update for firefox CESA-2020:0086 centos6

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0078-1)

This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 68.4.1 ESR - Fixed: Security fix MFSA 2020-03 bsc1160498 - CVE-2019-17026 bmo1607443 IonMonkey type confusion with StoreElementHole and FallibleStoreElement Firefox Extended Support Release 68.4.0 ESR -...

Mozilla: CSS sanitization does not escape HTML tags

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

Mozilla: Bypass of @namespace CSS sanitization during pasting

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

firefox security update

CentOS Errata and Security Advisory CESA-2020:0086 An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

[ASA-202001-4] thunderbird: multiple issues

Arch Linux Security Advisory ASA-202001-4 ========================================= Severity: Critical Date : 2020-01-14 CVE-ID : CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 Package : thunderbird Type : multiple issues Remote : Yes Link :...

Mozilla Thunderbird Security Advisory (MFSA2020-04) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...