RHEL 9 : firefox (RHSA-2024:1487)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1487 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.9.1 ESR. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: JIT...

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6710-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6710-1 advisory. Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A...

CentOS 7 : firefox (RHSA-2024:1486)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1486 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...

RHEL 9 : firefox (RHSA-2024:1483)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1483 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Twenty 安全漏洞

Twenty is a CRM platform open-sourced by Twenty. A security vulnerability exists in Twenty version 0.3.0. An attacker can exploit this vulnerability to trigger javascript code execution via a specially crafted svg file...

RHEL 9 : firefox (RHSA-2024:1485)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1485 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

RHEL 8 : firefox (RHSA-2024:1488)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1488 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

RHEL 8 : firefox (RHSA-2024:1484)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1484 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Privilege Escalation

Firefox is vulnerable to a Privilege Escalation. The vulnerability is due to the unauthorized injection of an event handler into a privileged object, leading to arbitrary JavaScript execution in the parent process...

SUSE CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...

Debian dsa-5645 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5645 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5645-1...

Slackware Linux 15.0 / current mozilla-firefox Vulnerability (SSA:2024-083-01)

The version of mozilla-firefox installed on the remote host is prior to 115.9.1esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-083-01 advisory. - An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript executi...

CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...

CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...

CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...

CVE-2024-29944

The CVE-2024-29944 issue affects Mozilla Firefox on desktop (not mobile), allowing an attacker to inject an event handler into a privileged object to achieve arbitrary JavaScript execution in the parent process. Affects Firefox versions older than 124.0.1 and Firefox ESR older than 115.9.1; multi...

UBUNTU-CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...

Mozilla Firefox ESR < 115.9.1

The version of Firefox ESR installed on the remote Windows host is prior to 115.9.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-16 advisory. - An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution ...

Mozilla Firefox < 124.0.1

The version of Firefox installed on the remote Windows host is prior to 124.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-15 advisory. - An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...