44 matches found
MiracleLinux 7 : firefox-91.10.0-1.0.1.el7.AXS7 (AXSA:2022-3202:14)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3202:14 advisory. Mozilla: Cross-Origin resource's length leaked CVE-2022-31736 Mozilla: Heap buffer overflow in WebGL CVE-2022-31737 Mozilla: Browser window spoof...
MiracleLinux 8 : thunderbird-91.10.0-1.el8.ML.1 (AXSA:2022-3742:09)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3742:09 advisory. Mozilla: Braille space character caused incorrect sender email to be shown for a digitally signed email CVE-2022-1834 Mozilla: Cross-Origin resource...
Amazon Linux 2 : firefox (ALASFIREFOX-2023-011)
The version of firefox installed on the remote host is prior to 91.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-011 advisory. 2024-04-25: CVE-2022-29913 was added to this advisory. The parent process would not properly check whether the...
CVE-2022-31742
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...
CVE-2022-31742
CVE-2022-31742 describes a timing-attack flaw in WebAuthn: an attacker could send many allowCredential entries and distinguish valid vs invalid key handles, enabling cross-origin account linking. Affected products in the provided records are Thunderbird < 91.10, Firefox < 101, and Firefox ESR
CVE-2022-31742
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...
AlmaLinux 9 : thunderbird (ALSA-2022:4892)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:4892 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...
CentOS: Security Advisory for thunderbird (CESA-2022:4891)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CentOS: Security Advisory for firefox (CESA-2022:4870)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CentOS 7 : firefox (RHSA-2022:4870)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4870 advisory. - A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.1...
Mozilla Firefox ESR Security Advisory (MFSA2022-21) - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2022:2062-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2062-1 advisory. - An attacker could have sent a message to the parent process where the contents were used to double-index int...
openSUSE: Security Advisory for MozillaThunderbird (SUSE-SU-2022:2062-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2022:2062-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : thunderbird (ELSA-2022-4887)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-4887 advisory. 91.10.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.10.0-1 - Update to 91.10.0 build1 Tenable has...
Mageia: Security Advisory (MGASA-2022-0220)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated firefox/nss/nspr packages fix security vulnerability
A malicious website could have learned the size of a cross-origin resource that supported Range requests CVE-2022-31736. A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash CVE-2022-31737. When exiting fullscreen...
Debian: Security Advisory (DLA-3040-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-3041-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3040-1] firefox-esr security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3040-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort June 03, 2022 https://wiki.debian.org/LTS -...