Oracle Linux 9 : thunderbird (ELSA-2022-6717)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-6717 advisory. 102.3.0-3.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.3.0-3 - Update to 102.3.0 build1 Tenable has...

Debian DSA-5238-1 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5238 advisory. - When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. CVE-2022-40956 -...

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

Debian DSA-5237-1 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5237 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, CSP bypass or...

Information disclosure

A information disclosure vulnerability exists in Rockert.Chat v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection...

OESA-2022-1957 log4j security update

Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fixes: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Contex...

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-06859)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a memory misreference vulnerability that stems from concurrent use of the URL parser for non-UTF-8 data not being thread-safe. An attacker could exploit the vulnerability t...

Mozilla Thunderbird < 102.3

The version of Thunderbird installed on the remote Windows host is prior to 102.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-42 advisory. - Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team...

CVE-2022-40960

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

The vulnerability of the qemuDomainGetStatsIOThread function in the qemu_driver.c component of the Libvirt virtualization management library allows a attacker to cause a service failure.

The vulnerability of the qemuDomainGetStatsIOThread function in the qemudriver.c component of the Libvirt control library is related to improper memory release before deleting the last references. Exploiting this vulnerability allows an attacker to trigger a service failure remotely...

Mozilla Firefox 资源管理错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a memory misreference vulnerability that stems from concurrent use of the URL parser for non-UTF-8 data not being thread-safe. An attacker could exploit the vulnerability t...

Security Vulnerabilities fixed in Thunderbird 102.3 — Mozilla

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...

Security Vulnerabilities fixed in Firefox ESR 102.3 — Mozilla

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...