Linux Distros Unpatched Vulnerability : CVE-2023-4045

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin...

Astra Linux - уязвимость в firefox, thunderbird

Offscreen Canvas did not properly prevent cross-origin tampering, which could allow access to image data from another site in violation of the same-origin policy. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

Astra Linux - уязвимость в firefox, thunderbird

Offscreen Canvas did not properly prevent cross-origin tampering, which could have been used to access image data from another site in violation of the same-origin policy. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

MiracleLinux 9 : firefox-115.12.0-1.el9_4.ML.1 (AXSA:2024-8450:21)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8450:21 advisory. firefox: Use-after-free in networking CVE-2024-5702 firefox: Use-after-free in JavaScript object transplant CVE-2024-5688 firefox: External protocol...

MiracleLinux 9 : firefox-102.14.0-1.el9.ML.1 (AXSA:2023-6315:28)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6315:28 advisory. Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation...

CLSA-2025-1766568231 webkit2gtk3: Fix of CVE-2025-43392

CVE-2025-43392: fix cross-origin image data leak by correctly tainting OffscreenCanvas when transferring a cross-origin ImageBitmap...

EUVD-2020-27725

Malware in sbrugna...

EUVD-2023-53936

Malicious code in bioql PyPI...

Fedora 41 : webkitgtk (2024-b142cc07d0)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b142cc07d0 advisory. Fix login QR code not shown in WhatsApp web. Disable PSON by default again in GTK 3 API versions. Disable DMABuf video sink by default to prevent fi...

Fedora 40 : webkitgtk (2024-4c6304b6fa)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4c6304b6fa advisory. Fix login QR code not shown in WhatsApp web. Disable PSON by default again in GTK 3 API versions. Disable DMABuf video sink by default to prevent fi...

Fedora 39 : webkitgtk (2024-e1357fc22f)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e1357fc22f advisory. Fix login QR code not shown in WhatsApp web. Disable PSON by default again in GTK 3 API versions. Disable DMABuf video sink by default to prevent fi...

Mozilla: Cross-Origin Image leak via Offscreen Canvas

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...

Mageia: Security Advisory (MGASA-2024-0231)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated thunderbird packages fix security vulnerabilities

Use-after-free in networking. CVE-2024-5702 Use-after-free in JavaScript object transplant. CVE-2024-5688 External protocol handlers leaked by timing attack. CVE-2024-5690 Sandboxed iframes were able to bypass sandbox restrictions to open a new window. CVE-2024-5691 Cross-Origin Image leak via...

CentOS 7 : thunderbird (RHSA-2024:4016)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4016 advisory. - If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects...

Mozilla: Cross-Origin Image leak via Offscreen Canvas

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...

Mozilla: Cross-Origin Image leak via Offscreen Canvas

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...

Mozilla: Cross-Origin Image leak via Offscreen Canvas

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...

Mozilla: Cross-Origin Image leak via Offscreen Canvas

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...

Mozilla: Cross-Origin Image leak via Offscreen Canvas

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...