Fedora 39 : webkitgtk (2024-ba78b27eb8)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ba78b27eb8 advisory. Fix web process cache suspend/resume when sandbox is enabled. Fix accelerated images disappearing after scrolling. Fix video flickering with DMA-BUF...

kernel: wifi: iwlwifi: read txq->read_ptr under lock

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq-readptr under lock If we read txq-readptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry twice,...

SUSE CVE-2024-6608

It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox 128 and Thunderbird 128...

SUSE CVE-2024-6607

It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a select element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox 128...

UBUNTU-CVE-2024-6607

It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a select element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox 128...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox due to an error when moving the cursor using the pointerlock in an iframe. An attacker can exploit the vulnerability to bypass security restrictions...

Fedora 40 : firefox (2024-cd3a64f43b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-cd3a64f43b advisory. - Updated to 124.0 ---- - Updated to latest upstream 123.0.1 Tenable has extracted the preceding description block directly from the Fedora security...

Fedora 40 : thunderbird (2024-fc2ae12c31)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fc2ae12c31 advisory. Update to 115.9.0 https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/ https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/...

Important: thunderbird

Issue Overview: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox 124, Firefox ESR 115.9, and...

Important: firefox

Issue Overview: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox 124, Firefox ESR 115.9, and...

Amazon Linux 2 : thunderbird (ALAS-2024-2505)

The version of thunderbird installed on the remote host is prior to 115.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2505 advisory. AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced...

Amazon Linux 2 : firefox (ALASFIREFOX-2024-023)

The version of firefox installed on the remote host is prior to 115.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-023 advisory. AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced...

Rocky Linux 8 : firefox (RLSA-2024:1484)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1484 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...

Fedora 38 : thunderbird (2024-5d080305ab)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5d080305ab advisory. Update to 115.9.0 https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/ https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/...

Rocky Linux 8 : thunderbird (RLSA-2024:1494)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1494 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...

Oracle Linux 7 : firefox (ELSA-2024-1486)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-1486 advisory. 115.9.1-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs....

Oracle Linux 8 : firefox (ELSA-2024-1484)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-1484 advisory. 115.9.1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file 115.9.1 - Add debranding patches Mustafa Gezen - Add OpenEL...

Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions

The Mozilla Foundation Security Advisory describes this flaw as: A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions...

Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions

The Mozilla Foundation Security Advisory describes this flaw as: A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions...

Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions

The Mozilla Foundation Security Advisory describes this flaw as: A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions...