MiracleLinux 8 : firefox-128.5.1-1.el8_10.ML.1 (AXSA:2024-9056:38)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9056:38 advisory. firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims CVE-2024-11694 firefox: thunderbird: Unhandled Exception in Add-on...

EUVD-2010-1450

Malware in sbrugna...

EUVD-2015-2832

Malware in sbrugna...

EUVD-2024-47672

Malicious code in bioql PyPI...

EUVD-2022-48288

Malicious code in bioql PyPI...

Malicious code in on-key-press (npm)

The package on-key-press was found to contain malicious code...

MAL-2025-28228 Malicious code in on-key-press (npm)

The package on-key-press was found to contain malicious code...

cli-form (>=0.0.0 <=0.1.4), cli-qa (>=0.0.0 <=2.3.0) +2 more potentially affected by unknown CVE via on-key-press (=0.0.0)

on-key-press NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on on-key-press and may be impacted: - cli-form =0.0.0, =0.0.0, =0.0.0, =0.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-28228...

AZL-58616 CVE-2025-29768 affecting package vim for versions less than 9.1.1198-1

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim...

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

X11 Keylogger

This module binds to an open X11 host to log keystrokes. This is a fairly close copy of the old xspy c program which has been on Kali for a long time. The module works by connecting to the X11 session, creating a background window, binding a keyboard to it and creating a notification alert when a...

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.5.0 ESR, fixed various security fixes and other quality improvements, MFSA 2024-64 bsc1233695: CVE-2024-11691: Memory corruption in Apple GPU drivers CVE-2024-11692: Select list elements could be shown...

CVE-2024-11697

When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

Security Vulnerabilities fixed in Thunderbird 133 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Malicious websites may have been able...

SUSE CVE-2015-2742

Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream...

Mozilla Firefox Security Advisory (MFSA2015-68) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

MITM RDP Connections: Seth

Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops...