44 matches found
Oracle Linux 8 : thunderbird (ELSA-2022-0845)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0845 advisory. 91.7.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.7.0-2 - Update to 91.7.0 build2 91.7.0-1 - Upda...
Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2022:0824)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0824-1 advisory. - Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 - Mozilla: Use-after-free in WebGPU IPC Framework CVE-2022-26486 - expat:...
Security fix for the ALT Linux 10 package firefox-esr version 91.6.1-alt1
91.6.1-alt1 built March 11, 2022 Pavel Vasenkov in task 296362 March 7, 2022 Pavel Vasenkov - New ESR version. - Security fixes: + CVE-2022-26485 Use-after-free in XSLT parameter processing + CVE-2022-26486 Use-after-free in WebGPU IPC Framework...
RHEL 8 : firefox (RHSA-2022:0816)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0816 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
OPENSUSE-SU-2022:0804-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 91.6.2 bsc1196809: - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework...
Mozilla: Use-after-free in WebGPU IPC Framework
An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...
Critical: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Critical: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Critical: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fixes: Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 Mozilla: Use-after-free in WebGPU IPC Framework...
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:0783-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0783-1 advisory. - Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had...
SUSE: Security Advisory (SUSE-SU-2022:0777-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2939-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2939 advisory. Two security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 9 stretch, these problems have been fixed in...
Two actively exploited Zero-Day vulnerabilities discovered in Mozilla Firefox
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Two critical zero-day vulnerabilities have been identified in Mozilla Firefox that are being exploited in-the-wild and tracked as CVE-2022-26485 and CVE-2022-26485. Both are use-after-free bugs that exist in XSLT parameter...
Mozilla Firefox < 97.0.2
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 97.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. - An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox...
Mozilla Firefox ESR < 91.6.1
The version of Firefox ESR installed on the remote Windows host is prior to 91.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. - An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. ...
Mozilla Thunderbird < 91.6.2
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. - An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbo...
Mozilla Firefox < 97.0.2
The version of Firefox installed on the remote Windows host is prior to 97.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. - An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We...
USN-5314-1: Firefox vulnerabilities
A use-after-free was discovered when removing an XSLT parameter in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. CVE-2022-26485 A use-after-free was discovered in the...
CVE-2022-26486
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus...
UBUNTU-CVE-2022-26486
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus...