47 matches found
EUVD-2022-41055
Malicious code in bioql PyPI...
Rocky Linux 8 : firefox (RLSA-2022:6175)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6175 advisory. - An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar...
Important: firefox
Issue Overview: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Mozilla developers and the Mozilla Fuzzing Team reporting memory safety bugs in Firefox 102. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort...
SUSE CVE-2022-38472
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird 102.2,...
CVE-2022-38472
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird 102.2,...
Design/Logic Flaw
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird 102.2,...
Important: thunderbird
Issue Overview: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Mozilla developers and the Mozilla Fuzzing Team reporting memory safety bugs in Firefox 102. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort...
SUSE: Security Advisory (SUSE-SU-2022:3030-1)
The remote host is missing an update for the...
Debian dla-3097 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3097 advisory. - Debian LTS Advisory DLA-3097-1...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists due to address bar spoofing via XSLT error handling which allows an attacker to execute arbitrary code on the system...
SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2022:3007-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3007-1 advisory. Firefox Extended Support Release 91.13.0 ESR bsc1202645: - CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error...
SUSE SLES15: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2022:2984-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2984-1 advisory. Firefox Extended Support Release 91.13.0 ESR bsc1202645: - CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error...
CentOS 7 : firefox (RHSA-2022:6179)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6179 advisory. - An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar...
CentOS 7 : thunderbird (RHSA-2022:6169)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6169 advisory. - An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar...
AlmaLinux 8 : firefox (ALSA-2022:6175)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:6175 advisory. - An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar...
AlmaLinux 8 : thunderbird (ALSA-2022:6164)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:6164 advisory. - An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar...
Debian DSA-5221-1 : thunderbird - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5221 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution...