Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5504-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5504-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-181-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.0 / 91.11.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-181-01 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of...

Oracle Linux 8 : firefox (ELSA-2022-5469)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-5469 advisory. 91.11.0-2.0.1 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 91.11.0-2 - Update to 91.11...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

Debian DSA-5172-1 : firefox-esr - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5172 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we...

Mozilla Firefox ESR < 91.11

The version of Firefox ESR installed on the remote Windows host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-25 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101 and Firefox ESR 91.10. Some of...

Calabrio Teleopti WFM 安全漏洞

Calabrio Teleopti WFM is an enterprise workforce management system from Calabrio USA. providing everything needed to effectively manage employees, forecast demand, automate schedule creation, develop accurate and insightful reports, and improve overall customer service operations. A security...

BitTorrent uTorrent 安全漏洞

BitTorrent uTorrent is a suite of BitTorrent client software written in C++ by the American company BitTorrent. A security vulnerability exists in BitTorrent uTorrent that stems from some unknown functionality of the component JSON RPC server. A remote attacker could exploit the vulnerability to...

CVE-2022-32511

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

DEBIAN-CVE-2022-32511

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

Critical: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

RLSA-2022:4776 Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR. Security Fixes: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution CVE-2022-1529 Mozilla:...

Critical: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1. Security Fixes: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution CVE-2022-1529 Mozilla: Prototype pollution in Top-Level Await implementati...