This archive contains proof of concepts and a whitepaper that describes multiple email client implementations where popular clients for email are vulnerable to signature spoofing attacks.
3356c7f94ef68ddc7268602c64a93e10fbaff874992374b51f89d7cf87f71a0cGentoo Linux Security Advisory 201811-13 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. Versions less than 60.3.0 are affected.
dfd702cee32bc438649bed899c42ec0c300d02359e8e2217025dfe8241b5cd45Gentoo Linux Security Advisory 201810-1 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 60.2.2 are affected.
0691ae8021da4956449e6d4f9c1fdd0355496e51bc68aa1daaad0d960ac3e310Red Hat Security Advisory 2018-2251-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
cfab7a998bd27c1e4a1a0e65a6b7bd19bed1aba4d0504b8ee9a31d57643744bfRed Hat Security Advisory 2018-2252-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
710bbfbe7f1c6bbad567e4d6df96227243d295254c8df4498a8b7b3a8cd14173Debian Linux Security Advisory 4244-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.
307d6271acb7903ea1cdd898c92f48b7b284c567cd6f920247667d0674c50b55Ubuntu Security Notice 3714-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary code. It was discovered that S/MIME and PGP decryption oracles can be built with HTML emails. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.
5b9a375b7e68e29c645ccc9c61dfe743f7d5c1f9083b295b36d6d6fa792b993cUbuntu Security Notice 3705-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF protections, obtain sensitive information, or execute arbitrary code. Various other issues were also addressed.
cfd4cc88f31fd1abec1754d224edeff04519ec9a5d0a04e2202da985f02d98deRed Hat Security Advisory 2018-2112-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
c83b51fc510827e3da5f97c2bdaefb75707217c460d8a14d5c67b9cf283e90faRed Hat Security Advisory 2018-2113-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
733eefe7a714bfbb481e79af2fb8c94cc9b1e0409edce093a2e253f22750db8eDebian Linux Security Advisory 4235-1 - Several security issues have been found in the Mozilla Firefox web lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.
8c2683c765b5fe80e5b1bcd8d7cdded23af3f5071accff38512c01785137cb09Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a local root command execution vulnerability.
dba01fd50ccc998756cc8244a767c12352f600e2ebd9dbbb32b2a494b95eb2dfDell EMC RecoverPoint versions prior to 5.1.2 suffer from a remote root command execution vulnerability.
b3959182a01a1aa9519f51835810ba1223553cdd3266080ea2086fb66b9d35d5Dell EMC RecoverPoint versions prior to 5.1.2 and Dell EMC RecoverPoint Virtual Machine (VM) versions prior to 5.1.1.3 suffer from command injection, LDAP password leak, and arbitrary file read vulnerabilities.
a32f56f16886245544fb248cad14e2e09e7d117b2031783004120f837bd910e0
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed