CentOS 7 : firefox (RHSA-2022:1284)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1284 advisory. - NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free a...

RHEL 8 : thunderbird (RHSA-2024:1499)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1499 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss:...

Debian DSA-5488-1 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5488 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable...

CVE-2023-4050

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

CVE-2023-38669

Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition...

RHEL 8 : firefox (RHSA-2023:1367)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1367 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVE-2022-28282

By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...

Oracle Linux 8 : thunderbird (ELSA-2022-8547)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-8547 advisory. 102.5.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.5.0-2 - Update to 102.5.0 build2 102.5.0-1 -...

Security Vulnerabilities fixed in Thunderbird 91.8 — Mozilla

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the...

Updated nss and firefox packages fix security vulnerabilities

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox CVE-2021-4140. Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable cra...

openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:1367-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1367-1 advisory. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:3451-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3451-1 advisory. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitab...

Mozilla Firefox < 90.0

The version of Firefox installed on the remote Windows host is prior to 90.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-28 advisory. - If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespecti...

CVE-2021-23962

Incorrect use of the '' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox 85...

CVE-2021-23962

Incorrect use of the '' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox 85...

CVE-2019-11760

A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox 70, Thunderbird 68.2, and Firefox ESR 68.2...

Debian DSA-1830-1 : icedove - several vulnerabilities

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0040 The execution of arbitrary code might be possible via a crafted...