CVE-2018-17195

The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle MiTM attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access,...

RHEL 7 : firefox (RHSA-2018:3833)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:3833 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

RHEL 6 : firefox (RHSA-2018:3831)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:3831 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Cloud Foundry UAA has an unspecified vulnerability (CNVD-2019-43846)

Cloud Foundry UAA is an authentication and managed service endpoint for the Cloud Foundry cloud platform from the Cloud Foundry Foundation. A security vulnerability exists in Cloud Foundry UAA. An attacker could exploit the vulnerability to obtain account tokens with the same username...

MGASA-2018-0483 Updated firefox packages fix security vulnerabilities

A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash CVE-2018-17466. A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to...

Updated firefox packages fix security vulnerabilities

A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash CVE-2018-17466. A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to...

Debian DLA-1605-1 : firefox-esr security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy. For Debian 8 'Jessie', these problems have been fixed in version 60.4.0esr-1deb8u1. We recommend that you upgrade you...

openSUSE Security Update : Mozilla Firefox (openSUSE-2018-1544)

This update to Mozilla Firefox 60.4.0 ESR fixes security issues and bugs. Security issues fixed as part of the MFSA 2018-30 advisory boo1119105 : - CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Use-after-free with select element -...

[SECURITY] [DLA 1605-1] firefox-esr security update

Package : firefox-esr Version : 60.4.0esr-1deb8u1 CVE ID : CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or...

Mozilla Firefox Security Advisories (MFSA2018-28, MFSA2018-30) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Mozilla Firefox ESR Security Advisories (MFSA2018-29, MFSA2018-30) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Mozilla Firefox ESR Security Advisories (MFSA2018-29, MFSA2018-30) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox vulnerabilities (USN-3844-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3844-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacke...

Debian DSA-4354-1 : firefox-esr - security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

FreeBSD : mozilla -- multiple vulnerabilities (d10b49b2-8d02-49e8-afde-0844626317af)

Mozilla Foundation reports : CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Use-after-free with select element CVE-2018-18493: Buffer overflow in...

[SECURITY] [DSA 4354-1] firefox-esr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4354-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 12, 2018 https://www.debian.org/security/faq -...