Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been
The Mozilla Foundation Security Advisory describes this flaw as: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Mozilla Thunderbird < 78.7
The version of Thunderbird installed on the remote Windows host is prior to 78.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-05 advisory. - Mozilla developers Alexis Beingessner, Christian Holler, Andrew McCreight, Tyson Smith, Jon Coppeard, André Bargull,...
Mozilla Firefox ESR Security Advisories (MFSA2021-02, MFSA2021-05) - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
RHEL 8 : firefox (RHSA-2021:0289)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0289 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Security fix for the ALT Linux 10 package thunderbird version 78.7.0-alt1
Jan. 27, 2021 Andrey Cherepanov 78.7.0-alt1 - New version 78.7.0. - Security fixes: + CVE-2021-23953 Cross-origin information leakage via redirected PDF requests + CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements + CVE-2020-15685 IMAP Response...
CVE-2020-25169
The CVE-2020-25169 issue affects Reolink P2P cameras, where data transferred between the local device and Reolink servers may be exposed due to cleartext transmission of sensitive information. The advisory notes a high risk with CVSS v3 base score up to 9.1 (ATT&CK context not explicitly listed i...
Mozilla Firefox ESR < 78.7
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-04 advisory. - Mozilla developers Alexis Beingessner, Christian Holler, Andrew McCreight, Tyson Smith, Jon Coppeard, And...
Mozilla Firefox ESR < 78.7
The version of Firefox ESR installed on the remote Windows host is prior to 78.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-04 advisory. - Mozilla developers Alexis Beingessner, Christian Holler, Andrew McCreight, Tyson Smith, Jon Coppeard, André Bargull,...
Outgoing FCC Chair Issues Final Security Salvo Against China
Outgoing Federal Communications Commission Chair Ajit Pai has issued a final warning about Chinese telcos at the end of a tenure spent cracking down on companies like Huawei, ZTE and China Telecom. Pai, a former telecommunications industry lobbyist and in-house counsel for Verizon, told Reuters that managin...
WSuspicious - A Tool To Abuse Insecure WSUS Connections For Privilege Escalations
This is a proof of concept program to escalate privileges on a Windows host by abusing WSUS. Details in this blog post: https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/ It was inspired from the WSuspect proxy project:...
OpenMage: No Limit on Email Subscription
Summary: Hello Madison, I have found a business logic error which causes an unlimited number of newsletter subscriptions, as you can see in the image I have provided. Steps To Reproduce: 1. Open Burp Suite, set the proxy and turn intercept on. 2. Then go to https://demo.openmage.org/ and enter the email y...
AZL-31731 CVE-2020-8554 affecting package kubernetes for versions less than 1.28.3-1
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
AZL-31696 CVE-2020-8554 affecting package python-kubernetes for versions less than 21.7.0-1
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
Code injection
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CVE-2020-8554
CVE-2020-8554 affects the Kubernetes API server by allowing an attacker who can create a ClusterIP service with a crafted spec.externalIPs to intercept traffic to that IP, and by abusing privileged status.patch on a LoadBalancer service to set status.loadBalancer.ingress.ip. The issue is rooted i...
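The five CVE-2020-8554 entries above describe two ways a Service object can redirect cluster traffic: an unprivileged creator setting spec.externalIPs, and a subject with services/status patch rights writing status.loadBalancer.ingress.ip. Upstream's advice was an admission webhook plus an audit of existing Services. The script below is an added example of both checks; it is not Kubernetes project code and not taken from any advisory listed here. The Service objects, the external-IP allowlist (192.0.2.10) and the load-balancer CIDR (198.51.100.0/24) are constructed for the example and would be replaced with a cluster's own values.

```python
"""Audit Service objects and decide AdmissionReviews for the CVE-2020-8554 pattern.

Added example, not Kubernetes project code. Sample Services and allowlists are
constructed for illustration.
"""
import ipaddress
from typing import Iterable

# Hypothetical allowlist: the only addresses any Service may claim via spec.externalIPs.
ALLOWED_EXTERNAL_IPS = frozenset({"192.0.2.10"})
# Hypothetical ranges the cloud controller is expected to assign to LoadBalancer Services.
ALLOWED_LB_CIDRS = ("198.51.100.0/24",)


def _in_cidrs(ip: str, cidrs: Iterable[str]) -> bool:
    """True if ip parses and falls inside one of the given CIDRs."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def audit_services(services, allowed_external_ips=ALLOWED_EXTERNAL_IPS,
                   allowed_lb_cidrs=ALLOWED_LB_CIDRS):
    """Return (namespace/name, field, ip) for each Service that could hijack traffic."""
    findings = []
    for svc in services:
        meta = svc.get("metadata", {})
        name = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        # Path 1: anyone with 'create services' can set spec.externalIPs, and
        # kube-proxy then routes node traffic for that IP into the Service's endpoints.
        for ip in svc.get("spec", {}).get("externalIPs") or []:
            if ip not in allowed_external_ips:
                findings.append((name, "spec.externalIPs", ip))
        # Path 2: a subject allowed to patch services/status can write any
        # status.loadBalancer.ingress.ip; kube-proxy honours it the same way.
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        for entry in ingress:
            ip = entry.get("ip")
            if ip and not _in_cidrs(ip, allowed_lb_cidrs):
                findings.append((name, "status.loadBalancer.ingress.ip", ip))
    return findings


def review_admission(review: dict, allowed_external_ips=ALLOWED_EXTERNAL_IPS) -> dict:
    """Decide an AdmissionReview for a Service as a validating webhook would."""
    req = review["request"]
    svc = req.get("object") or {}
    bad = [ip for ip in svc.get("spec", {}).get("externalIPs") or []
           if ip not in allowed_external_ips]
    response = {"uid": req["uid"], "allowed": not bad}
    if bad:
        response["status"] = {"code": 403,
                              "message": "spec.externalIPs not permitted: " + ", ".join(bad)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


# Constructed sample Services (not from any real cluster).
SAMPLE_SERVICES = [
    {"metadata": {"namespace": "prod", "name": "api"},
     "spec": {"type": "ClusterIP", "externalIPs": ["192.0.2.10"]}},
    {"metadata": {"namespace": "dev", "name": "attacker-svc"},
     "spec": {"type": "ClusterIP", "externalIPs": ["10.20.30.40"]}},
    {"metadata": {"namespace": "prod", "name": "web"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "198.51.100.7"}]}}},
    {"metadata": {"namespace": "dev", "name": "hijack"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "10.20.30.41"}]}}},
]

# Constructed AdmissionReview request for the attacker-svc object above.
SAMPLE_REVIEW = {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
                 "request": {"uid": "c0ffee", "object": SAMPLE_SERVICES[1]}}

if __name__ == "__main__":
    for ns_name, field, ip in audit_services(SAMPLE_SERVICES):
        print(f"{ns_name}: {field} = {ip} is outside the allowlist")
    print(review_admission(SAMPLE_REVIEW)["response"])
```

On a live cluster the audit input would come from `kubectl get services -A -o json` (the `items` list has the same shape as SAMPLE_SERVICES), and the admission function would sit behind a ValidatingWebhookConfiguration for CREATE and UPDATE on services. The status path is not something the webhook sees on a plain create, so the audit and an RBAC review of who holds `patch` on `services/status` are what cover it.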