MiracleLinux 9 : firefox-102.11.0-2.el9.ML.1 (AXSA:2023-6024:19)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6024:19 advisory. Mozilla: Browser prompts could have been obscured by popups CVE-2023-32205 Mozilla: Crash in RLBox Expat driver CVE-2023-32206 Mozilla: Potential...

EUVD-2016-3052

Malware in sbrugna...

Simple College Website 1.0 SQL Injection / Code Execution

============================================================================================================================================= | Title : Simple College Website 1.0 WYSIWYG Settings Management Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

Memory Corruption

firefox is vulnerable to Memory Corruption. The vulnerability is due to uninitialised data in the file read limit which is passed to the FileReader::DoReadData method, resulting memory corruption...

RLSA-2023:3220 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Security Fixes: Mozilla: Browser prompts could have been obscured by popups CVE-2023-32205 Mozilla: Crash in RLBox Expat driver...

RHEL 8 : firefox (RHSA-2023:3220)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3220 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

RHEL 8 : thunderbird (RHSA-2023:3221)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3221 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Security Fixes: Mozilla...

ALSA-2023:3220 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Security Fixes: Mozilla: Browser prompts could have been obscured by popups CVE-2023-32205 Mozilla: Crash in RLBox Expat driver...

RHEL 9 : thunderbird (RHSA-2023:3150)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3150 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Security Fixes: Mozilla...

RHEL 7 : thunderbird (RHSA-2023:3151)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3151 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Security Fixes: Mozilla...

Mozilla: Potential memory corruption in FileReader::DoReadData()

The Mozilla Foundation Security Advisory describes this flaw as: When reading a file, an uninitialized value could have been used as read limit...

Updated thunderbird packages fix security vulnerability

Browser prompts could have been obscured by popups. CVE-2023-32205 Crash in RLBox Expat driver. CVE-2023-32206 Potential permissions request bypass via clickjacking. CVE-2023-32207 Content process crash due to invalid wasm code. CVE-2023-32211 Potential spoof due to obscured address bar...

ALSA-2023:3150 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Security Fixes: Mozilla: Browser prompts could have been obscured by popups CVE-2023-32205 Mozilla: Crash in RLBox Expat driver CVE-2023-32206 Mozilla: Potential permissions reques...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Security Fixes: Mozilla: Browser prompts could have been obscured by popups CVE-2023-32205 Mozilla: Crash in RLBox Expat driver...

Mozilla Thunderbird Security Advisories (MFSA2023-18) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

OSV-2020-1842 Heap-buffer-overflow in parquet::arrow::SchemaManifest::Make

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25933 Crash type: Heap-buffer-overflow READ 8 Crash state: parquet::arrow::SchemaManifest::Make parquet::arrow::FileReader::Make parquet::arrow::internal::FuzzReader...

GHSA-C2GP-86P4-5935 Use-After-Free in puppeteer

Versions of puppeteer prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium CVE-2019-5786. The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution. Recommendation Upgrade to version 1.13.0 or later...

Use-After-Free in puppeteer

Versions of puppeteer prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium CVE-2019-5786. The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution. Recommendation Upgrade to version 1.13.0 or later...

Exploit for Use After Free in Google Chrome

PoC exploit for CVE-2019-5786, a FileReader Use-After-Free UAF vulnerability in Chrome 72.0.3626.119 stable for Windows 7 x86. The exploit uses site-isolation to brute-force the vulnerability. The target is the FileReader object, which is used to read files from the local file system. The exploit...

Google Chrome CVE-2019-5786 FileReader Use-After-Free Vulnerability

Google Chrome is prone to a use-after-free vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the browser. Failed attempts will likely cause a denial-of-service condition. Recent assessments: gwillcox-r7 at September 23, 2020 8:20pm UTC reported: This was...