Mozilla Firefox Security Advisories (MFSA2021-48, MFSA2021-49) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Rocky Linux 8 : firefox (RLSA-2021:4123)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4123 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...

AlmaLinux 8 : thunderbird (ALSA-2021:4130)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4130 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigati...

AlmaLinux 8 : firefox (ALSA-2021:4123)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4123 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigati...

CVE-2021-38509

Due to an unusual sequence of attacker-controlled events, a Javascript alert dialog with arbitrary although unstyled contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

DEBIAN-CVE-2021-38509

Due to an unusual sequence of attacker-controlled events, a Javascript alert dialog with arbitrary although unstyled contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

CVE-2021-38509

Due to an unusual sequence of attacker-controlled events, a Javascript alert dialog with arbitrary although unstyled contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

CVE-2021-38509

Due to an unusual sequence of attacker-controlled events, a Javascript alert dialog with arbitrary although unstyled contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

CVE-2021-38509

Due to an unusual sequence of attacker-controlled events, a Javascript alert dialog with arbitrary although unstyled contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

CentOS 7 : firefox (RHSA-2021:4116)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4116 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...

CentOS 7 : thunderbird (RHSA-2021:4134)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4134 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...

MGASA-2021-0506 Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's...

Updated firefox packages fix security vulnerability

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-fre...

Mozilla: Javascript alert box could have been spoofed onto an arbitrary domain

Due to an unusual sequence of attacker-controlled events, a Javascript alert dialog with arbitrary although unstyled contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

RHEL 8 : firefox (RHSA-2021:4605)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4605 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CentOS 8 : thunderbird (CESA-2021:4130)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:4130 advisory. - Mozilla: iframe sandbox rules did not apply to XSLT stylesheets CVE-2021-38503 - Mozilla: Use-after-free in file picker dialog CVE-2021-38504 -...

RHEL 8 : thunderbird (RHSA-2021:4132)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4132 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Security Fixes: Mozilla:...

RHEL 8 : thunderbird (RHSA-2021:4130)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4130 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Security Fixes: Mozilla:...

Information Disclosure

firefox is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization which allows a Javascript alert dialog with arbitrary contents to be displayed over top an uncontrolled webpage...

Oracle Linux 7 : thunderbird (ELSA-2021-4134)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4134 advisory. 91.3.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.3.0-2 - Update to 19.3.0 build2 91.3.0-1 - Upda...