The vulnerability of the GNOME Shell’s graphical shell in the GNOME desktop environment of Linux operating systems allows a hacker to execute arbitrary code.

The vulnerability of the GNOME Shell’s graphical interface in GNOME desktop environments on Linux operating systems is related to the lack of measures taken to neutralize the script in the web page attributes. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript...

AlmaLinux 8 : firefox (ALSA-2024:3954)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:3954 advisory. firefox: Use-after-free in networking CVE-2024-5702 firefox: Use-after-free in JavaScript object transplant CVE-2024-5688 firefox: External protocol...

ROS-20240619-01

A vulnerability in the OpenSSH ECDSA Key Handler component of the OpenSSH ECDSA Key Handler technology for signing and encrypting JavaScript objects in Python is related to the definition of a blacklist of prefixes for public keys. Exploitation of the vulnerability could allow an attacker acting...

SUSE-SU-2024:2061-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Update to version 115.12.0 ESR bsc1226027 - CVE-2024-5702: Use-after-free in networking - CVE-2024-5688: Use-after-free in JavaScript object transplant - CVE-2024-5690: External protocol handlers leaked by timing attack - CVE-2024-5691:...

Mozilla: Use-after-free in JavaScript object transplant

The Mozilla Foundation Security Advisory describes this flaw as: If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant...

Important: Red Hat Security Advisory: firefox security update

An update for Firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Mozilla: Use-after-free in JavaScript object transplant

The Mozilla Foundation Security Advisory describes this flaw as: If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Mozilla: Use-after-free in JavaScript object transplant

The Mozilla Foundation Security Advisory describes this flaw as: If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fixes: firefox: Use-after-free in networking CVE-2024-5702 firefox: Use-after-free in JavaScript object transplant...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fixes: firefox: Use-after-free in networking CVE-2024-5702 firefox: Use-after-free in JavaScript object transplant...

ALSA-2024:3954 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fixes: firefox: Use-after-free in networking CVE-2024-5702 firefox: Use-after-free in JavaScript object transplant...

RHEL 8 : firefox (RHSA-2024:3952)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3952 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVE-2024-37888

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version 1.0.5...

CVE-2024-37888 The Open Link CKEditor plugin has a cross-site scripting (XSS) vulnerability in open link functionality

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version 1.0.5...

CVE-2024-36656

In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting XSS attack...

CVE-2024-36459

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser...

CVE-2024-4270 SVGMagic <= 1.1 - Stored XSS via SVG Upload

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...

CVE-2024-4270

CVE-2024-4270 — SVGMagic WordPress plugin (&lt;= 1.1) The vulnerability stems from the plugin not sanitizing SVG file contents, enabling an attacker with at least the author role to upload SVGs containing malicious JavaScript that can trigger Stored XSS. The issue is rooted in insufficient input ...