MiracleLinux 8 : nodejs:18 (AXSA:2022-4480:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4480:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

CVE-2023-25653

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in node-jose can trigger a Denial-of-Service DoS condition, due to a...

Mozilla Firefox < 58.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 58.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-02 advisory. - Mozilla developers and community members Calixte Denizet, Christian Holler, Alex Gaynor, Yoshi Huang, Bob...

AZL-43360 CVE-2024-28102 affecting package python-jwcrypto 0.6.0-9

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

Security fix for the ALT Linux 10 package thunderbird version 102.8.0-alt1

102.8.0-alt1 built March 10, 2023 Pavel Vasenkov in task 316084 Feb. 28, 2023 Pavel Vasenkov - New version. - Security fixes: + CVE-2023-0616 User Interface lockup with messages combining S/MIME and OpenPGP + CVE-2023-25728 Content security policy leak in violation reports using iframes +...

Mozilla Thunderbird Security Advisories (MFSA2023-05, MFSA2023-07) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

Mozilla Firefox Security Advisories (MFSA2023-04, MFSA2023-06) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

firefox security update

CentOS Errata and Security Advisory CESA-2023:0812 An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RLSA-2023:0810 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Security Fixes: Mozilla: Arbitrary memory write via PKCS 12 in NSS CVE-2023-0767 Mozilla: Content security policy leak in violation...

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...

firefox security update

An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

RLSA-2023:0808 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Security Fixes: Mozilla: Arbitrary memory write via PKCS 12 in NSS CVE-2023-0767 Mozilla: Content security policy leak in violation...

RLSA-2023:0821 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Security Fixes: Mozilla: Arbitrary memory write via PKCS 12 in NSS CVE-2023-0767 Mozilla: Content security policy leak in violation reports using iframes CVE-2023-25728 Mozilla:...

CentOS 7 : thunderbird (RHSA-2023:0817)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0817 advisory. - If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which cou...

Updated thunderbird packages fix security vulnerability

User Interface lockup with messages combining S/MIME and OpenPGP. CVE-2023-0616 Content security policy leak in violation reports using iframes. CVE-2023-25728 Screen hijack via browser fullscreen mode. CVE-2023-25730 Arbitrary memory write via PKCS 12 in NSS. CVE-2023-0767 Potential use-after-fr...

MGASA-2023-0057 Updated thunderbird packages fix security vulnerability

User Interface lockup with messages combining S/MIME and OpenPGP. CVE-2023-0616 Content security policy leak in violation reports using iframes. CVE-2023-25728 Screen hijack via browser fullscreen mode. CVE-2023-25730 Arbitrary memory write via PKCS 12 in NSS. CVE-2023-0767 Potential use-after-fr...

Mozilla: Web Crypto ImportKey crashes tab

The Mozilla Foundation Security Advisory describes this flaw as: When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash...

Mozilla: Web Crypto ImportKey crashes tab

The Mozilla Foundation Security Advisory describes this flaw as: When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash...

Mozilla: Web Crypto ImportKey crashes tab

The Mozilla Foundation Security Advisory describes this flaw as: When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...