CVE-2019-12328

A command injection missing input validation issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request...

MGASA-2019-0212 Updated thunderbird packages fix security vulnerability

Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...

MGASA-2019-0211 Updated firefox packages fix security vulnerability

Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...

Updated thunderbird packages fix security vulnerability

Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...

CentOS Update for thunderbird CESA-2019:1777 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4064-1 thunderbird vulnerabilities

A sandbox escape was discovered in Thunderbird. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. CVE-2019-9811 Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially...

USN-4064-1: Thunderbird vulnerabilities

A sandbox escape was discovered in Thunderbird. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. CVE-2019-9811 Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially...

thunderbird security update

CentOS Errata and Security Advisory CESA-2019:1775 An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

RHEL 8 : thunderbird (RHSA-2019:1799)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1799 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Security Fixes: Mozilla:...

Mozilla: Same-origin policy treats all files in a directory as having the same-origin

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190715)

This update upgrades Thunderbird to version 60.8.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 CVE-2019-11709 - Mozilla: Sandbox escape via installation of malicious language pack CVE-2019-9811 - Mozilla: Script injection within domain through inner...

RHEL 7 : thunderbird (RHSA-2019:1775)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1775 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Security Fixes: Mozilla:...

Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190715)

This update upgrades Thunderbird to version 60.8.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 CVE-2019-11709 - Mozilla: Sandbox escape via installation of malicious language pack CVE-2019-9811 - Mozilla: Script injection within domain through inner...

RHEL 6 : thunderbird (RHSA-2019:1777)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1777 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Security Fixes: Mozilla:...

Mozilla: Same-origin policy treats all files in a directory as having the same-origin

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

Ubuntu 16.04 LTS / 18.04 LTS : Firefox vulnerabilities (USN-4054-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4054-1 advisory. A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this...

Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190711)

This update upgrades Firefox to version 60.8.0 ESR. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 CVE-2019-11709 - Mozilla: Sandbox escape via installation of malicious language pack CVE-2019-9811 - Mozilla: Script injection within domain through inner...

Oracle Linux 6 : firefox (ELSA-2019-1765)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-1765 advisory. 60.8.0-1.0.1 - fix LDLIBRARYPATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one Tenable has extracted the preceding...

RHEL 6 : firefox (RHSA-2019:1765)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1765 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CentOS Update for firefox CESA-2019:1763 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...