MGASA-2024-0189 Updated nss & firefox packages fix security vulnerabilities

Arbitrary JavaScript execution in PDF.js. CVE-2024-4367 IndexedDB files retained in private browsing mode. CVE-2024-4767 Potential permissions request bypass via clickjacking. CVE-2024-4768 Cross-origin responses could be distinguished between script and non-script content-types. CVE-2024-4769...

Updated nss & firefox packages fix security vulnerabilities

Arbitrary JavaScript execution in PDF.js. CVE-2024-4367 IndexedDB files retained in private browsing mode. CVE-2024-4767 Potential permissions request bypass via clickjacking. CVE-2024-4768 Cross-origin responses could be distinguished between script and non-script content-types. CVE-2024-4769...

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

A critical security flaw has been disclosed in the llamacpppython Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 CVSS score: 9.7, the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If...

AlmaLinux 9 : firefox (ALSA-2024:2883)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2883 advisory. - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affec...

Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox

CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript execution...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update ...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

RHEL 9 : thunderbird (RHSA-2024:2904)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2904 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fixes: firefox...

SUSE CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

SUSE-SU-2024:1676-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to version 115.11.0 ESR bsc1224056: - CVE-2024-4367: Arbitrary JavaScript execution in PDF.js - CVE-2024-4767: IndexedDB files retained in private browsing mode - CVE-2024-4768: Potential permissions request bypass via clickjacking...

Oracle Linux 9 : thunderbird (ELSA-2024-2888)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2888 advisory. 115.11.0-1.0.1 - Add Oracle prefs 115.11.0-1 - Update to 115.11.0 build2 Tenable has extracted the preceding description block directly from the Oracle...

Mozilla Firefox Security Update (MFSA2024-21) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Debian dsa-5693 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5693 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5693-1 [email protected] https://www.debian.org/securit...

Oracle Linux 9 : firefox (ELSA-2024-2883)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2883 advisory. 115.11.0-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 115.11.0-1 - Update to 115.11.0 build1 Tenable has...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...