107 matches found
EUVD-2018-16882
Malware in sbrugna...
EUVD-2018-16965
Malware in sbrugna...
firefox: thunderbird: Use-after-free in Custom Highlight
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash...
CVE-2024-10459
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...
CentOS 7 : thunderbird (RHSA-2022:9079)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9079 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER...
CentOS 7 : thunderbird (RHSA-2020:2906)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2906 advisory. - Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially...
CentOS 6 : thunderbird (RHSA-2020:2966)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2966 advisory. - Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This...
CVE-2024-5702
The CVE-2024-5702 entry is confirmed with concrete details in connected advisories: memory corruption in the networking stack affecting Mozilla Firefox before 125, Firefox ESR before 115.12, and Thunderbird before 115.12. The root cause is memory corruption in the networking component, potentiall...
Oracle Linux 8 : thunderbird (ELSA-2024-1494)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-1494 advisory. 115.9.0-1.0.1 - Add Oracle prefs 115.9.0-1 - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 Tenable has extracted the preceding description block...
RHEL 8 : firefox (RHSA-2024:1491)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1491 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Debian dla-3757 : libnss3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3757 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3757-1 [email protected]...
RHEL 8 : thunderbird (RHSA-2024:0565)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0565 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.7.0. Security Fixes: Mozilla:...
CVE-2024-0745
A stack buffer overflow flaw was found in Firefox in the WebAudio OscillatorNode object. This flaw can lead to a potentially exploitable crash...
Oracle Linux 7 : firefox (ELSA-2023-6162)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-6162 advisory. - Add fix for CVE-2023-44488 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
Rocky Linux 8 : firefox (RLSA-2023:4952)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4952 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...
firefox: use-after-free in workers
The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash...
Mozilla: Out-of-bounds write in PathOps
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised content process could have provided malicious data in a PathRecording, resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process...
CVE-2023-5171
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3...
Mozilla Firefox ESR < 115.3
The version of Firefox ESR installed on the remote Windows host is prior to 115.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-42 advisory. - Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed...
AlmaLinux 8 : firefox (ALSA-2023:4952)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:4952 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...