8422 matches found
Updated thunderbird packages fix security vulnerabilities
This update provides an update to thunderbird 68.0, updates enigmail to 2.1.2 and fixes the following security issues: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 68 (CVE-2019-11709). Memory safety bugs fixed in Firefox 68 and Thunderbird 68 (CVE-2019-11710). Script...
Updated firefox packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync (CVE-2019-9812). Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740). Same-origin policy violation with SVG filters and canvas to steal cross-origin images...
MGASA-2019-0267 Updated firefox packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync (CVE-2019-9812). Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740). Same-origin policy violation with SVG filters and canvas to steal cross-origin images...
CVE-2019-8069
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user...
CVE-2019-8069
The CVE-2019-8069 issue affects Adobe Flash Player 32.0.0.238 and earlier; it is a Same Origin Method Execution vulnerability that could lead to arbitrary code execution in the current user context. Multiple connected sources confirm the vulnerability and indicate that update/patches exist: Adobe...
firefox: stored passwords in 'Saved Logins' can be copied without master password entry
When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard through the 'copy password' context menu item without re-entering the master password ...
Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Same-origin Policy Violation
Mozilla Firefox is vulnerable to a same-origin policy violation. The vulnerability exists due to an error in how same-origin policy is applied, which allows an attacker to perform data theft...
Adobe Flash Player Same Origin Method Execution Vulnerability
Adobe Flash Player is a widely used, proprietary multimedia program player originally written by Macromedia and continued to be developed and distributed by Adobe after Macromedia was acquired by Adobe. A same-origin method execution vulnerability exists in Adobe Flash Player. An attacker could...
RHEL 6 : firefox (RHSA-2019:2694)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2694 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
PT-2020-14896 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.7.2 Description: The issue concerns information exposure of service tokens for users enrolled in the same course. Recommendations: For versions prior to 3.7.2, update to version 3.7.2 or later to resolve the issue...
NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175)
The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted...
Adobe Flash Player Microsoft Edge and Internet Explorer Security Update (APSB19-46) - Windows
Adobe Flash Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0178)
The remote NewStart CGSL host, running version MAIN 4.06, has thunderbird packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a...
Security vulnerabilities fixed in Thunderbird 68.1 — Mozilla
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. Some...
FreeBSD : Flash Player -- multiple vulnerabilities (c6f19fe6-d42a-11e9-b4f9-6451062f0f7a)
Adobe reports: - This update resolves a same origin method execution vulnerability that could lead to arbitrary code execution (CVE-2019-8069). - This update resolves a use-after-free vulnerability that could lead to arbitrary code execution (CVE-2019-8070). (C) Tenable Network Security, Inc. The...
Adobe Flash Player navigateToURL Same-Origin Policy Bypass Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the behavior of...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves a same origin method execution vulnerability that could lead to arbitrary code execution (CVE-2019-8069). This update resolves a use-after-free vulnerability that could lead to arbitrary code execution (CVE-2019-8070)...