Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190125)

This update upgrades Thunderbird to version 60.4.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 CVE-2018-12405 - chromium-browser, firefox: Memory corruption in Angle CVE-2018-17466 - Mozilla: Use-after-free with select element CVE-2018-18492 - Mozilla:...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-3868-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3868-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a...

RHEL 6 : thunderbird (RHSA-2019:0159)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0159 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fixes: Mozilla:...

RHEL 7 : thunderbird (RHSA-2019:0160)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0160 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fixes: Mozilla:...

Oracle Linux 7 : thunderbird (ELSA-2019-0160)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-0160 advisory. 60.4.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 60.4.0-1 - Update to 60.4.0 Tenable has extracted...

Mozilla Thunderbird Security Advisory (MFSA2018-31) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

Ubuntu: Security Advisory (USN-3868-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

USN-3868-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code...

USN-3868-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code...

How Web Apps Can Turn Browser Extensions Into Backdoors

Researchers have added another reason to be suspicious of web browser extensions. According to a recently published academic report, various Chrome, Firefox and Opera browser extensions can be compromised by an adversary that can steal sensitive browser data and plant arbitrary files on targeted...

Mozilla Firefox 64 Information Disclosure Exploit

Mozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker. Product: Firefox Manufacturer: Mozilla Affected Versions: = 64 Teste...

Mozilla Firefox 64 Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2018-041 Product: Firefox Manufacturer: Mozilla Affected Versions: = 64 Tested Versions: 61, 62, 63, 64 Vulnerability Type: Information Exposure CWE-200 Risk Level: Medium Solution Status: Open Manufacturer Notification: 2018-07-19...

Live555 Media Server Denial of Service Vulnerability

LIVE555 Media Server is an RTSP server program that provides various media file streaming services. The LIVE555 Streaming Media inventory in version 0.93 of Live555 Media Server is vulnerable to a denial of service vulnerability that can be exploited by an attacker who sends a GET request with a...

Same-Origin Policy Bypass

Mozilla Firefox is vulnerable to same-origin policy bypass. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer PDF.js. An attacker could create a malicious web page that, wh...

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution attacks. The vulnerability exists as Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via...

Google Chrome Blink Security Bypass Vulnerability (CNVD-2019-03550)

Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A security vulnerability exists in Blink in versions of Google Chrome prior to 66.0.3359.117, which stems from the program's...

CVE-2018-16192

Aterm WF1200CR and Aterm WG1200CR Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors...

CVE-2018-16200

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands...