252 matches found
Rocky Linux 8 : firefox (RLSA-2023:4952)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4952 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...
firefox: use-after-free in workers
The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash...
Mozilla: Out-of-bounds write in PathOps
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised content process could have provided malicious data in a PathRecording, resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process...
CVE-2023-5171
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3...
SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2023:3837-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3837-1 advisory. Update to Firefox Extended Support Release 115.3.0 ESR MFSA 2023-42, bsc1215575: Security fixes: - CVE-2023-5168: Out-of-bounds wri...
CVE-2023-5174
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. This bug...
Mozilla Firefox ESR < 115.3
The version of Firefox ESR installed on the remote Windows host is prior to 115.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-42 advisory. - Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed...
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-269-01)
The version of mozilla-firefox installed on the remote host is prior to 115.3.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-269-01 advisory. - A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an...
Oracle Linux 8 : thunderbird (ELSA-2023-4954)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4954 advisory. 102.15.0-1.0.1 - Update to 102.15.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
CVE-2023-4573
When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2...
Debian DSA-5485-1 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5485 advisory. - When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially...
AlmaLinux 8 : firefox (ALSA-2023:4952)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:4952 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...
AlmaLinux 9 : firefox (ALSA-2023:4958)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4958 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...
Debian dla-3523 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3523 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3523-1 [email protected]...
Debian DSA-5464-1 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5464 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the...
CVE-2023-4050
In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...
SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2023:2959-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2959-1 advisory. Firefox Extended Support Release 115.0.2 ESR MFSA 2023-26, bsc1213230 Security fixes: - CVE-2023-3600: Fixed use-after-free in workers...
SUSE SLES15: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2023:2960-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2960-1 advisory. Firefox Extended Support Release 115.0.2 ESR MFSA 2023-26, bsc1213230 Security fixes: - CVE-2023-3600: Fixed use-after-free in workers...
Fedora 37 : firefox (2023-9d8fcaee88)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-9d8fcaee88 advisory. - Updated to latest upstream 115.0.2 - Enabled LTO Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...
Security Vulnerabilities fixed in Thunderbird 115.0.1 — Mozilla
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in...