CVE-2023-6211
CVE-2023-6211 affects Mozilla Firefox earlier than 120. The initial description states that an attacker could exploit when a user is prompted to load an insecure http: page and has HTTPS-only mode enabled, by tricking the user into clicking to grant an HTTPS-only exception through a clicking game...
Security Vulnerabilities fixed in Firefox 120 — Mozilla
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to ...
Mozilla Firefox < 120.0
The version of Firefox installed on the remote Windows host is prior to 120.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-49 advisory. - Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that...
Fedora 39 : firefox (2023-2bd5892754)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2bd5892754 advisory. - Updated to latest upstream 120.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
CVE-2022-21829
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concretesecure’ instead of ‘concrete’. Concrete now only makes requests over https even if a request comes in via http...
Episode 124: PrintNightmare 0Day Exploit Accidentally Leaked Online
Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million...
Receiver 4.8 - Unable to open the URL - Only HTTP and HTTPS URLs can be opened
When launching published content from Receiver 4.6 onward versions, we get the error: "Only Http and Https Urls can be opened"...
Gratipay: stop serving grtp.co over HTTP
Target Domain: grtp.co 1 Issue Details: Service available on HTTP As per the policy details under scope on HackerOne portal https://hackerone.com/gratipay, the 'grtp.co' should be available only on port 443 or HTTPS protocol. However grtp.co service is running on port 80 too i.e., running on HTTP...
Fedora 23 : mediawiki-1.25.2-2.fc23 (2015-13920)
T94116 SECURITY: Compare API watchlist token in constant time T97391 SECURITY: Escape error message strings in thumb.php T106893 SECURITY: Don't leak autoblocked IP addresses on Special:DeletedContributions T102562 Fix InstantCommons parameters to handle the new HTTPS-only policy of Wikimedia...
Reddit to Move to HTTPS-Only
In the two years since the details of the NSA’s deep penetration of the Internet infrastructure began to emerge, there has been a major movement afoot among Web companies to encrypt more and more of their resources and services. The latest large property to make this move is Reddit, which by the...
Federal Agencies to Move to HTTPS-Only Connections
Following the lead of many major Web services, the White House on Monday announced that it would move all of the federal government’s public sites and services to HTTPS-only. Tony Scott, the federal CIO, has issued a memorandum to all federal agencies and departments instructing them to move all ...