Mozilla: Cross-origin access to unload event attributes

Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history throu...

Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

RHEL 7 : thunderbird (RHSA-2019:2773)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2773 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.9.0. Security Fixes: Mozilla:...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190918)

This update upgrades Thunderbird to version 60.9.0. Security Fixes : - Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message CVE-2019-11739 - Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 CVE-2019-11740 - Mozill...

CentOS 7 : firefox (CESA-2019:2729)

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

thunderbird security update

CentOS Errata and Security Advisory CESA-2019:2773 An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

firefox security update

CentOS Errata and Security Advisory CESA-2019:2694 An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RHEL 8 : thunderbird (RHSA-2019:2774)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2774 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.9.0. Security Fixes: Mozilla:...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Scientific Linux Security Update : firefox on SL7.x x86_64 (20190911)

Security Fixes : - Mozilla: Sandbox escape through Firefox Sync CVE-2019-9812 - Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 CVE-2019-11740 - Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images CVE-2019-11742 -...

RHEL 7 : firefox (RHSA-2019:2729)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2729 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Covert Content Attack on S/MIME encryption using a crafted multipart/ alternative message CVE-2019-11739. Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 CVE-2019-11740...

flash-plugin: Arbitrary Code Execution vulnerabilities (APSB19-46)

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user...

CVE-2019-8069

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user...

CVE-2019-8069

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user...

Design/Logic Flaw

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user...

MGASA-2019-0267 Updated firefox packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. CVE-2019-9812 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. CVE-2019-11740 Same-origin policy violation with SVG filters and canvas to steal cross-origin images...