EUVD-2023-27698

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-23598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website coul...

DEBIAN-CVE-2023-23598

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...

CVE-2023-23598

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...

CVE-2023-23598

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...

CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...

Oracle Linux 7 : thunderbird (ELSA-2023-0456)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0456 advisory. 102.7.1-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 102.7.1-1 - Update to...

Updated firefox packages fix security vulnerability

A vulnerability was found in NSS. The NSS client auth crashes without a user certificate in the database, leading to a segmentation fault or crash CVE-2022-3479. An out of date library libusrsctp contained vulnerabilities that could potentially be exploited CVE-2022-46871. By confusing the browse...

Oracle Linux 7 : firefox (ELSA-2023-0296)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0296 advisory. 102.7.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs....

Oracle Linux 8 : firefox (ELSA-2023-0288)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0288 advisory. 102.7.0-1.0.1 - Updated homepages to use https Orabug: 34648274 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the...

Mozilla: Arbitrary file read from GTK drag and drop on Linux

The Mozilla Foundation Security Advisory describes this flaw as: Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData...