MiracleLinux 8 : firefox-102.8.0-2.el8.ML.1 (AXSA:2023-5141:10)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5141:10 advisory. Mozilla: Arbitrary memory write via PKCS 12 in NSS CVE-2023-0767 Mozilla: Content security policy leak in violation reports using iframes...

CVE-2024-34712 Oceanic allows unsanitized user input to lead to path traversal in URLs

Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as Client.rest.channels.removeBan is not url-encoded, resulting in specially crafted input such as ../../../channels/id being normalized into the url /api/v10/channels/id, and deleting a...

USN-5880-2 firefox regressions

USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attribute...

Mozilla: Out of bounds memory write from EncodeInputStream

The Mozilla Foundation Security Advisory describes this flaw as: When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write...

Mozilla: Out of bounds memory write from EncodeInputStream

The Mozilla Foundation Security Advisory describes this flaw as: When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write...