Important: thunderbird

Issue Overview: The Mozilla Foundation describes this issue as follows: Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. CVE-2023-25751 The Mozilla Foundation describes...

Mozilla: Invalid downcast in Worklets

The Mozilla Foundation Security Advisory describes this flaw as: While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash...

Mozilla: Invalid downcast in Worklets

The Mozilla Foundation Security Advisory describes this flaw as: While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash...

Mozilla: Incorrect code generation during JIT compilation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of invalidating JIT code while following an iterator. The newly generated code could be overwritten incorrectly, leading to a potentially exploitable crash...

Mozilla: Invalid downcast in Worklets

The Mozilla Foundation Security Advisory describes this flaw as: While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash...

Mozilla: Incorrect code generation during JIT compilation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of invalidating JIT code while following an iterator. The newly generated code could be overwritten incorrectly, leading to a potentially exploitable crash...

Oracle Linux 8 : firefox (ELSA-2023-1336)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-1336 advisory. 102.9.0-3.0.1 - Updated homepages to use https Orabug: 34648274 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the...

CVE-2023-1448

A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gfm2tsprocesssdt of the file mediatools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been...

Debian DSA-5375-1 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5375 advisory. - Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2023:0763-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0763-1 advisory. - By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user...

Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-18930)

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. A security vulnerability exists in Siemens Tecnomatix...

CVE-2023-28162

The Mozilla Foundation Security Advisory describes this flaw as: While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash...

Plugin for Google Reviews < 2.2.4 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the placeid parameter before using it in a SQL statement via the grwoverviewajax AJAx action, leading to a SQL injection exploitable by any authenticated users, such as subscriber...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5954-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5954-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2023:0728-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0728-1 advisory. - By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user...

Security Vulnerabilities fixed in Firefox 111 — Mozilla

The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected. By displaying a prompt with a long description, the...

Cross site scripting vulnerability in update-center2

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide a plugin for hosting...

GHSA-PQG3-XFX2-FMQP Cross site scripting vulnerability in update-center2

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide a plugin for hosting...

CVE-2023-27905

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide a plugin for hosting...

CVE-2022-37939

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and...