178 matches found
Mozilla Firefox Input Validation Error Vulnerability (CNVD-2023-03059)
Mozilla Firefox, an open source web browser from the Mozilla Foundation, is vulnerable to an input validation error that results from a request initiated in reader mode that does not properly omit cookies with the SameSite attribute. An attacker could use this vulnerability to elevate privileges ...
CVE-2022-29912
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...
CVE-2022-29912
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...
Yelp: If the website does not impose additional defense against CSRF attacks, failing to use the 'Lax' or 'Strict' values could increase the risk of exposur
Summary: Cookies are typically sent to third parties in cross-origin requests. This can be abused to do CSRF attacks. Recently a new cookie attribute named SameSite was proposed to disable third-party usage for some cookies, to prevent CSRF attacks. Same-site cookies allow servers to mitigate the...
IBM Security Verify Information Queue Information Disclosure Vulnerability (CNVD-2022-54888)
IBM Security Verify Information Queue using the acronym "ISIQ" is a cross-product integrator that uses Kafka technology and a publish/subscribe model to integrate data between IBM Security products. Security Verify Information Queue is vulnerable to information disclosure in version 10.0.2. An...
Information disclosure
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811...
CVE-2022-35284
IBM Security Verify Information Queue (ISIQ) 10.0.2 is vulnerable to information disclosure due to a missing/insecure SameSite attribute on a sensitive cookie. The issue affects ISIQ 10.0.2 and is addressed by upgrading to ISIQ 10.0.3 or newer. The lack of SameSite disables CSRF protections for t...
PT-2022-22686 · Ibm · Ibm Security Verify Information Queue
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Information Queue version 10.0.2 Description: The issue could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. Recommendations: For IBM Security Verify Information Queu...
Security Bulletin: Session cookie used by IBM Security Verify Information Queue is not properly secured (CVE-2022-35284)
Summary IBM Security Verify Information Queue ISIQ v10.0.2 does not set the SameSite attribute in the ISIQ session cookie. As a result, any CSRF protections offered by the attribute are disabled. ISIQ v10.0.3 is now correctly setting the SameSite attribute. CVE-2022-35284 Vulnerability Details...
Oracle Linux 9 : firefox (ELSA-2022-4590)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-4590 advisory. 91.9.0-1.0.1 - Replaced upstream package with oracle-indexhtml Orabug: 33802044 - Add firefox-oracle-default-prefs.js and remove the corresponding Red...
Debian DLA-3020-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3020 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 9 stretch, these...
Debian DSA-5141-1 : thunderbird - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5141 advisory. - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox...
SUSE SLED15: MozillaFirefox / MozillaFirefox-branding-upstream / etc (SUSE-SU-2022:1748-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1748-1 advisory. Firefox Extended Support Release 91.9.0 ESR MFSA 2022-17bsc1198970: - CVE-2022-29914: Fullscreen...
SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:1731-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1731-1 advisory. - Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin,...
ROS-20220518-01
A vulnerability in the Mozilla Firefox browser is related to improper permission management in the application. Exploitation of the vulnerability could allow an attacker acting remotely to create a web page that Bypasses the existing browser hint and inherits top-level permissions improperly The...
ROS-20220518-02
A vulnerability in Mozilla Thunderbird email client is related to incorrect processing of user input data when processing signed and encrypted attached messages. user input when processing signed and encrypted attached messages. Exploitation exploitation of the vulnerability could allow a remote...
AlmaLinux 8 : thunderbird (ALSA-2022:1730)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:1730 advisory. - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and...
Mozilla Thunderbird < 91.9
The version of Thunderbird installed on the remote Windows host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-18 advisory. - Mozilla developers Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in...
Debian DSA-5129-1 : firefox-esr - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5129 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information...
Mozilla Thunderbird < 91.9
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-18 advisory. - Mozilla developers Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs...