Ubuntu Security Notice 3850-2 - USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.
7498b43104d4fb07034d4fa82fae12b25b42d1e94165a25a6a94e278d49e0473
Ubuntu Security Notice 3868-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code.
85233d2f28c9005d6f996d2675c0d1f4b94b69c26083039521f3cc4a116d3f42
Ubuntu Security Notice 3850-1 - Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. Various other issues were also addressed.
33dfd212dff4b39a5b8a3ffb081d43f4f2201ce71c47312b15edcf37961cf627
Gentoo Linux Security Advisory 201811-13 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. Versions less than 60.3.0 are affected.
dfd702cee32bc438649bed899c42ec0c300d02359e8e2217025dfe8241b5cd45
Debian Linux Security Advisory 4337-1 - safety errors may lead to the execution of arbitrary code or denial of service.
56f49906d85fb598d72fe1dc02adfdda82ac9c2203999f47baa5ef2b0ca4cdc2
Red Hat Security Advisory 2018-3531-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.3.0. Issues addressed include an integer overflow vulnerability.
8c15fea412bc4b4a2e9f6cbca2957d6a314483c55100b21551aaed960fd825ed
Red Hat Security Advisory 2018-3532-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.3.0. Issues addressed include an integer overflow.
7ddabe0c631f025e5f76c79adbf664f42dddd68dbde947f177178f29cfde288d
Gentoo Linux Security Advisory 201811-4 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 60.3.0 are affected.
8aa3bc82e407773bfdcd9ad96772bd8c0b936737c4e6cd15abbc811752a70ecc
Red Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large amount of security fixes.
5a18fce8ca273b8a62b85b1a2bf4e5b4df4fb5583a3543625bcc53528045ab49
Red Hat Security Advisory 2018-3458-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.2.1. Issues addressed include bypass and use-after-free vulnerabilities.
51190964eea84c696b05814f1222a6712caf0740904e1afe2a2b77293feb7fad
Red Hat Security Advisory 2018-3403-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.2.1. Issues addressed include bypass and use-after-free vulnerabilities.
bde96bf6d5d37b5efda9d745a300a0fe73ab07d645bea48e64fbffa17ca6b4d2
Debian Linux Security Advisory 4327-1 - Multiple memory safety errors and use-after-frees in Thunderbird may lead to the execution of arbitrary code or denial of service.
b8e9888995dd121b5a52e5b325f620018e65bb80ce0d368243634ad49d060edf
Debian Linux Security Advisory 4324-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code, privilege escalation or information disclosure.
1482c2a868a3a226457b9a48ae252f72677cae5cfb4f4f174c2f98c16cf35579
Red Hat Security Advisory 2018-3005-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.3.0 ESR. Issues addressed include a bypass vulnerability.
cbe0092b4ab4c017536af033dc254c363296b218182c1c9eb5d24dfe63da335e
Red Hat Security Advisory 2018-3006-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.3.0 ESR. Issues addressed include a bypass vulnerability.
f0049252ccdb1467288167b83d6220b93438abe9b208d230f5cb0c480f6e3c7e
Ubuntu Security Notice 3801-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. Various other issues were also addressed.
070751dac62d0e36aedbaaf6e004869962630cbbfb0a6e6921710868df00e0da
Ubuntu Security Notice 3793-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that if a user saved passwords before Thunderbird 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. Various other issues were also addressed.
02e62b2bffb86438849c76b75b7f7492d31b01439a58b29eb4c7e7f49d5ddbbc
Red Hat Security Advisory 2018-2898-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Issues addressed include an nss problem where ServerHello.random is all zeros when handling a v2-compatible ClientHello.
981d8e1a8cc5e3e3605ca76cb71594d80c3e237ad5f779aa821e8a0f842a8877
Red Hat Security Advisory 2018-2884-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.2 ESR. Issues addressed include type confusion and out-of-bounds read vulnerabilities.
a503d8f752218d1ebc2a0f3c9de265aac7e02a167b6516ef1f115e1f3369b673
Red Hat Security Advisory 2018-2881-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.2 ESR. Issues addressed include an out-of-bounds read.
8be099e7a5728383e2bf6b4a48e46f149d1ef5b73774acdf5f44311b39e6b277
Debian Linux Security Advisory 4310-1 - Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code inside the sandboxed content process.
edbb1cf8b0b9f5831faa87650ee6af1af53f44820683e261ff3597ceb64387f1
Ubuntu Security Notice 3778-1 - A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. A type confusion bug was discovered in JavaScript. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
a69ab9fe6502be4b61f6561f6d0e2050616a619735003e0abb30915f7a0370a6
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.
e409996a93b56a3beccbb769cb31201dc29fd079c498e1cb926597616d9195b0
Gentoo Linux Security Advisory 201810-1 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 60.2.2 are affected.
0691ae8021da4956449e6d4f9c1fdd0355496e51bc68aa1daaad0d960ac3e310
Red Hat Security Advisory 2018-2835-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Issues addressed include a crash.
80ff187b2df61c699663bb15ce53928b394f62572e3fb2cc571a9a9b5593d95b