MiracleLinux 7 : firefox-68.4.1-1.0.1.el7.AXS7 (AXSA:2020-4427:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4427:01 advisory. Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement CVE-2019-17026 Mozilla: Bypass of @namespace CSS sanitization durin...

MiracleLinux 7 : firefox-68.7.0-2.0.1.el7.AXS7 (AXSA:2020-4711:08)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4711:08 advisory. Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method CVE-2020-6821 Mozilla: Memory safety bugs fixed in Firefox 7...

MiracleLinux 7 : firefox-60.1.0-5.0.1.el7 (AXSA:2018-3259:05)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3259:05 advisory. Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 CVE-2018-5188 Mozilla: Buffer overflow using computed size o...

MiracleLinux 4 : firefox-60.3.0-1.0.1.AXS4 (AXSA:2018-3377:08)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3377:08 advisory. Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390 Mozilla: Crash with nested event loops CVE-2018-12392 Mozilla:...

Linux Distros Unpatched Vulnerability : CVE-2019-11710

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presu...

Linux Distros Unpatched Vulnerability : CVE-2018-12376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th...

Linux Distros Unpatched Vulnerability : CVE-2019-9808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The...

Linux Distros Unpatched Vulnerability : CVE-2019-9820

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This...

Linux Distros Unpatched Vulnerability : CVE-2019-17001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document cross-site scripting...

SUSE CVE-2018-5151

Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 60...

SUSE CVE-2018-5176

The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. Thi...

SUSE CVE-2018-12361

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Firefox ESR 60.1...

SUSE CVE-2018-12362

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 SSSE3 scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox 61...

SUSE CVE-2018-18492

A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.4, Firefox ESR 60.4, and Firefox 64...

SUSE CVE-2018-18503

When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox 65...

SUSE CVE-2019-9788

Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This...

SUSE CVE-2019-9800

Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This...

SUSE CVE-2019-9807

When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox 66...

SUSE CVE-2019-11710

Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 68...

SUSE CVE-2019-11727

A vulnerability exists where it possible to force Network Security Services NSS to sign CertificateVerify with PKCS1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerabilit...