
178 matches found

OSV
added 2021/05/04 3:19 p.m. | 7 views

SUSE-SU-2021:1499-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.0 bsc1184155: Fix the authentication request port when URL omits the port. Fix iframe scrolling when main frame is scrolled in async scrolling mode. Stop using gmemdup. Show a warning message when overriding signal...

9.8 CVSS | 7.4 AI score | 0.014 EPSS
Exploits 0 | References 14
OSV
added 2021/04/30 7:23 p.m. | 9 views

OPENSUSE-SU-2021:0637-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.0 bsc1184155: Fix the authentication request port when URL omits the port. Fix iframe scrolling when main frame is scrolled in async scrolling mode. Stop using gmemdup. Show a warning message when overriding signal...

9.8 CVSS | 7 AI score | 0.014 EPSS
Exploits 0 | References 14
Tenable Nessus
added 2021/04/30 12:0 a.m. | 71 views

SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:1430-1)

This update for webkit2gtk3 fixes the following issues : Update to version 2.32.0 bsc1184155 : - Fix the authentication request port when URL omits the port. - Fix iframe scrolling when main frame is scrolled in async - scrolling mode. - Stop using gmemdup. - Show a warning message when overridin...

9.8 CVSS | 7.4 AI score | 0.014 EPSS
Exploits 0 | References 24
OSV
added 2021/04/29 8:5 a.m. | 6 views

SUSE-SU-2021:1430-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.0 bsc1184155: Fix the authentication request port when URL omits the port. Fix iframe scrolling when main frame is scrolled in async scrolling mode. Stop using gmemdup. Show a warning message when overriding signal...

9.8 CVSS | 7.4 AI score | 0.014 EPSS
Exploits 0 | References 14
Citrix
added 2021/04/29 12:0 a.m. | 6 views

Receiver for Web Workaround with NPAPI Support Removal in Google Chrome

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. The removal of NPAPI support will affect user experience for users who access Citrix Receiver for We...

7 AI score
Exploits 0
OpenVAS
added 2021/04/19 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2016:0727-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 6.9 AI score | 0.86455 EPSS
Exploits 9 | References 4
Kaspersky
added 2020/10/13 12:0 a.m. | 1396 views

KLA11970 ACE vulnerability in Adobe Flash Player

A NULL Pointer Dereference vulnerability was found in Adobe Flash Player. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories APSB20-58 Related products Adobe-Flash-Player-ActiveX Adobe-Flash-Player-NPAPI Adobe-Flash-Player-PPAPI CVE list CVE-2020-9746...

9.3 CVSS | 9.3 AI score | 0.02581 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2020/03/09 12:0 a.m. | 14 views

Fedora 31 : seamonkey (2020-bf6ca75fec)

Upgrade to 2.53.1 SeaMonkey-2.53.1, being initially based on the Firefox-56 and Thunderbird-56 code, incorporates now a lot of backported features and security fixes from the newer Firefox/Thunderbird versions up to 75. That way it tries to be a modern browser, preserving the same time the famili...

5.5 AI score
Exploits 0 | References 2
OpenVAS
added 2020/01/09 12:0 a.m. | 28 views

openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2019:2249-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS | 7.9 AI score | 0.18406 EPSS
Exploits 7 | References 2
Tenable Nessus
added 2019/10/15 12:0 a.m. | 22 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0180)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed...

9.8 CVSS | 7.9 AI score | 0.18406 EPSS
Exploits 5 | References 9
RedhatCVE
added 2019/10/08 5:3 p.m. | 37 views

CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery CSRF attacks. This vulnerability affects Thunderbird 60,...

8.8 CVSS | 4.2 AI score | 0.02537 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2019/08/12 12:0 a.m. | 49 views

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1813)

This update for MozillaThunderbird version 60.8 fixes the following issues : Security issues fixed : - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. - CVE-2019-11712:...

9.8 CVSS | 7.5 AI score | 0.18406 EPSS
Exploits 5 | References 11
NVD
added 2019/07/23 2:15 p.m. | 12 views

CVE-2019-11712

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery CSRF attacks. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

8.8 CVSS | 8.7 AI score | 0.00285 EPSS
Exploits 2 | References 13
OSV
added 2019/07/23 2:15 p.m. | 5 views

CVE-2019-11712

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery CSRF attacks. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

8.8 CVSS | 8.9 AI score
Exploits 0 | References 13
Prion
added 2019/07/23 2:15 p.m. | 24 views

Cross site request forgery (csrf)

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery CSRF attacks. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

6.8 CVSS | 8.5 AI score | 0.00285 EPSS
Exploits 2 | References 13 | Affected Software 3
AlpineLinux
added 2019/07/23 1:19 p.m. | 42 views

CVE-2019-11712

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery CSRF attacks. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

8.8 CVSS | 9.1 AI score | 0.00285 EPSS
Exploits 2
CVE
added 2019/07/23 1:19 p.m. | 304 views

CVE-2019-11712

CVE-2019-11712 describes a vulnerability where NPAPI plugins (e.g., Flash) performing POST requests that follow a 308 redirect can bypass CORS, enabling CSRF. Affected products include Mozilla Firefox ESR < 60.8, Firefox < 68, and Thunderbird

8.8 CVSS | 8.8 AI score | 0.00285 EPSS
Exploits 2 | References 13 | Affected Software 2
Mageia
added 2019/07/21 6:17 p.m. | 60 views

Updated thunderbird packages fix security vulnerability

Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...

9.8 CVSS | 0.3 AI score | 0.18406 EPSS
Exploits 5 | References 5
RedHat Linux
added 2019/07/15 12:45 p.m. | 1 views

Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery CSRF attacks. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

8.8 CVSS | 7.4 AI score | 0.00285 EPSS
Exploits 2 | References 5
Veracode
added 2019/07/15 12:7 a.m. | 20 views

Cross-Site Request Forgery (CSRF)

firefox is vulnerable to cross-site request forgery CSRF attacks. POST requests made by the NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery CSRF attacks...

8.8 CVSS | 9.2 AI score | 0.00285 EPSS
Exploits 2 | References 15 | Affected Software 7